cybergate | fe3fc49312d1343414cb670df5ec9c7532d66f403bfe47aec111a10ad8a400ce | Triage

Submit
Reports

Overview

overview

Static

static

3

02b4e3f0e7...4f.exe

windows7-x64

02b4e3f0e7...4f.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

02b4e3f0e73a73ced28d3e5cd39b7e4f
Size

354KB
Sample

231229-yzd7jachd6
MD5

02b4e3f0e73a73ced28d3e5cd39b7e4f
SHA1

0de3bfbf72d3cffa6a956b4d60b0d6a6abca33c4
SHA256

fe3fc49312d1343414cb670df5ec9c7532d66f403bfe47aec111a10ad8a400ce
SHA512

17e5442d14cada74c358e9a26afa05cf6da92f873bc106f6c3865191e7a46154b278d7156192f04cfb32a65cc4230cfee83fd0f285dcbe51b31a9c0568fee404
SSDEEP

6144:4jsirCNQyAbB3D3z/Lrz6KcYH3lfkivRiQMMpN609qINc:4jsLVAbBjz/Lrz6sqUEQkAT+

Score

10^/10

cybergate hoax persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

02b4e3f0e73a73ced28d3e5cd39b7e4f.exe

Resource

win7-20231215-en

cybergate hoax persistence stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

02b4e3f0e73a73ced28d3e5cd39b7e4f.exe

Resource

win10v2004-20231215-en

cybergate hoax persistence stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

HOAX

C2

muahhahahahxfsafsa.zapto.org:1337

muahhahahahxfsafsa.zapto.org:1604

Mutex

77OMB3YMR4A461

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Appdata
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
This system is not a supported platform.
password
Ausztria1
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  02b4e3f0e73a73ced28d3e5cd39b7e4f
- Size
  
  354KB
- MD5
  
  02b4e3f0e73a73ced28d3e5cd39b7e4f
- SHA1
  
  0de3bfbf72d3cffa6a956b4d60b0d6a6abca33c4
- SHA256
  
  fe3fc49312d1343414cb670df5ec9c7532d66f403bfe47aec111a10ad8a400ce
- SHA512
  
  17e5442d14cada74c358e9a26afa05cf6da92f873bc106f6c3865191e7a46154b278d7156192f04cfb32a65cc4230cfee83fd0f285dcbe51b31a9c0568fee404
- SSDEEP
  
  6144:4jsirCNQyAbB3D3z/Lrz6KcYH3lfkivRiQMMpN609qINc:4jsLVAbBjz/Lrz6sqUEQkAT+
Score

10^/10

cybergate hoax persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatehoaxpersistencestealertrojanupx

behavioral2

cybergatehoaxpersistencestealertrojanupx

© 2018-2025

Terms | Privacy