cybergate | 48b6fa01f18368de40fc75c5961c9303b49904b62522b232971e42a0a22f65fb

Analysis

max time kernel
0s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6135bf53904738eced514d260840cb25.exe
Size

404KB
MD5

6135bf53904738eced514d260840cb25
SHA1

42038ef409fb670cad2435a540093c36c97d50c0
SHA256

48b6fa01f18368de40fc75c5961c9303b49904b62522b232971e42a0a22f65fb
SHA512

f7e50657b44320621e795b9d03adf2fbc1c6e59caca1be8beec520104dc87290c11256d8da5d3793fd2998269950d3457bc6b73024e9091b06773b8c808f4cb6
SSDEEP

6144:TSncRl5/rhlAhEKwLOpslFlqKhdBCkWYxuukP1pjSKSNVkq/MVJb:m4j/NqhEKIwslvTBd47GLRMTb

Score

10^/10

cybergate admin stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

admin

aktrom.no-ip.org:1234

Mutex

1C8NG20S0LJA44

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
the application wont open.
message_box_title
Error
password
admin
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2376-556-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral1/memory/3052-852-0x0000000010560000-0x00000000105C5000-memory.dmp	upx
behavioral1/memory/2376-1674-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral1/memory/3052-2115-0x0000000010560000-0x00000000105C5000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\6135bf53904738eced514d260840cb25.exe
"C:\Users\Admin\AppData\Local\Temp\6135bf53904738eced514d260840cb25.exe"
1⤵
PID:1936

C:\Users\Admin\AppData\Roaming\SERVER.EXE
"C:\Users\Admin\AppData\Roaming\SERVER.EXE"
2⤵
PID:2820

C:\Windows\SysWOW64\explorer.exe
explorer.exe
3⤵
PID:2376

C:\Users\Admin\AppData\Roaming\SERVER.EXE
"C:\Users\Admin\AppData\Roaming\SERVER.EXE"
3⤵
PID:3052

C:\Windows\SysWOW64\install\server.exe
"C:\Windows\system32\install\server.exe"
4⤵
PID:1912

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
3⤵
PID:1728

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
PID:2296

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
75e0e0389657ea67b28a1a02e9be5ab4

SHA1
280e108c35b35fbbe4a88fb69a73ffc39976f53c

SHA256
3b6c4b88e2c3808e00ccde52975cb66a732edb1dcf8330956be0daf273fa7df2

SHA512
da8341323a6039b44f4f7704e3c6f9ac55544706a49eeb2d4af3a75469098deed3714800345a1c5affd7f510253bc13c0a0ccc0b75162ff9510f6de8033646ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
3b1d79c390d85e762ce30e9f2529e2e5

SHA1
73353b15c4f4e39492f9fa890f695401d2ccdc5c

SHA256
dae628d07d2935d6c7843778136fa1c3a1fee3b48133e14c0719cb8a1c341c67

SHA512
1fdd4eeab7bc28616d683ff2b299a689950ff6d6255c00d6919a0bd1642bb400e17a863e4801dcd5c9eecfaaa328c69e72a79d1387668c7775b4bf81705a1690

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
d59baca5d1b029dec4faab32ddc7aab5

SHA1
45fdf73d2ae94f875a9275fa9b964d44dfb9b504

SHA256
b0daf27f58262660757a976231471ae806fdeec3eb0e083faa8f9a01a8c27523

SHA512
c3f0b2df5f1a5e416f4808c07fca9434548e5f340cc4ff50cdc7a6363072e02be837362efbfde36a70bd8bdfb4f34ccaf0134d3d849403c04b67eeb3a5460b6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
64e725f16c95001ddfa5d9350737c075

SHA1
b3da266512b083245a1294351139b23bbb2291dd

SHA256
3d2e45d898b422c92adee79923122369ad743af2885fa7c1f2426e4c21b5f9b9

SHA512
0bca80f7550f56979a2139026766486112a650b2500a047b8661c5447e64828c9439002254b760ac5af4b63cad5cc36f87b4e1d58da72b2c3767d2fbf01d8965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
9f911059b4366a3096616e8d5d25a497

SHA1
036f1008b03d5aabefcae7dac0eba268739fcd03

SHA256
083ff7119b65ac9807049dbb7492ece22b14c59467ea4ed8fa7a643295f1cd74

SHA512
ead3602368f9cc3069806654151a19d5bd87631f25ad3537d3961a99993f92ee488d1c314c9cfd65b2913440fd142d5d7f252d9db1f421a09a45867f626a1773

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
d60e378d228b2351d5fb584d1e157f10

SHA1
054a6f341698488691928999bf3f7002f13330c3

SHA256
c086297d5452bc22e12152f193a976fff28f6d20f548af5ea2a2368d9a6961be

SHA512
bc6364e3a77dfb950daceb64a2b76aef01b1766556d72601a097ddf88f362b2a20827d8fddbcfbc5b681e4b17cd3db96bde89cd8d477abd946a0a6a767e73a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
66617986be64c9d2454e7a051b934575

SHA1
397c61bf634483a6b2059cb06c8bc4d2688353e1

SHA256
e8a736521036f3b1cc9ab7450f4dd83cd008352b6c4c809750434a7dbf7e3fb4

SHA512
4b8de409547fea0084344ae448eab980bccc602565674631d2d412983b837a103817cc189daa293a2b908fc3710b1e3e80ce129108b41934222bb3213230f2e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
eacf33a45b3c15ae5d1a68721aa598e3

SHA1
c61f9aad95a73f45767f690dd09df9d96e5aa507

SHA256
493d5e9e47d187697ddf8213f2f3e4f272cfd735b7d740273660f7a80db199be

SHA512
0e50f0444a9d84e3d2c9a31398dce055d82dca7d97258a9b93b597455ddb35059824a8c3be21046c022308d65a2e64749afac1931b93f7f8c3ade5bf46173bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
43dd923e2ce7e3fe0db8d2876b0cfa2a

SHA1
eb4398072b5708cff0e3182da30f2f54482de54a

SHA256
205290f8ce402cd747d1edd9a3cd37b4a9bc5d8670f3ef6f3e990c64c1e6f8e0

SHA512
4eb9b056c4b29b7f7dfb30a50faf6ea63b6ac6dc20db1c05b2c7bd3dc4eacef25d2c3dbe0844e4f0bb1661d4bff0ebb488e2659df7e79c08b40c22c0ee77ed40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
5b5f3e7fe997c74033c39fc79f80c95e

SHA1
ab28ce76df0fdb48930195723b73809056527567

SHA256
3d6392d9565c70212a457aa7b872dfdb75b54c11c409d2242ff873b65a7e1341

SHA512
623a54205843c11e26a83a3ea7d61205296e60a5abcb63a22a078b48324c63744ea7597c6930ff955faaae07415e4c32ecf6d663f9e955033960c30c83c987f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
4cce3e2750bfb07343050ba8c2957bdb

SHA1
f5bc601a2993ddff2e51228c3e5917b4a3736f0b

SHA256
7f323a50300a99ef4fd43aac1bc3b42c193a8ba7a9ada0e52883af48db7568e8

SHA512
fcefef12f83036d8ef9a15b914bb1d6d0c3b015adaf6f0d3fe3a8653b3cf24cbc09f70a7ef0105d9187776c140bb0308d0b39776ba27acaf9f51a32196e89533

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
6dcab7ee5236afd51c24d4a58e3edc4d

SHA1
86d8e577798b7e90c4330427c34ce2e2e83d9588

SHA256
ea6a5ac62f09fdb167c80358df002275be3182b1bc8c52eee2d51d95389dda8a

SHA512
ac9ea1d34a0a942109f76a9fb9e86b8bf201eaa6e5562a03a004f70e17eb80fb380653abff8ab0c1b1923644ea92bdfaa91c4670a74f91ba8f54c45217b43012

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
514d23d9b3ebcad31990e77f38251566

SHA1
7d9575f82f91857feb46d14dc81511bdbbf1b697

SHA256
ac52996181ef7480073e983e94b69c421658ce6e6e22c5f31e06b4e90405df7c

SHA512
25d5ac4345934ba40b92b0e878b59d8769b0d30fd46be9d7c4c55dd098b8b7ea478d7f88142289e0e636e8acd19a386bc65d74fa309c1496041acafd772f618d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
83a5c57070fab57e7bb6e77eb97562e8

SHA1
85671b10fd78d4d1a433873bafc344a8731d1e74

SHA256
e08cb3765c5cddb7d491b7e032adb2475f8db5dbbbed5774fb28810549ba63d8

SHA512
6d0fd9e4267bea32f6d8b0407345e9be743c72b02801c3a9b1f890eed8f3372916d68b62af98c6ce94f831073f34ba6698d8cbed9c2513de1c5fdf2dc7468963

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
6c4b5c9b97500285c6782a3f165fc43f

SHA1
b464035c7dc3e225fb7f218f53f4ad3aaf16a3ea

SHA256
8cfc16b504bc51e7c2f1efe945f1d5335c8af4a2ba4f25e1a2db01172af572b8

SHA512
d7f83b75d48c37cbacff983fed805ef9bf37a704ec3f1cbfa5f34002b529ffd2b136e763442a487a8b7b3d37c8dee320672e5eedf079cea60dbfec2084a23248

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
f255c2839d7c13841a66b734a0244b00

SHA1
772a8c34e5319410ba9d3a48cd09aee5faee0f57

SHA256
fbfaffd9dc7d7d23e34e4e88aff386cff90c93964151c1a31c9750cb1b10ee79

SHA512
022ae221127445de97022b940314a1e1b7cd61576753192cffb07412a15b60cbc640e3c994e6e9dc7c76223eb6a76f09c1e5458e272fe119e81e84f83bce00d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
ddd4f4d6f7266aae1c202cd7a33b60e4

SHA1
0352165ab42b6f0c8e862fe7b58a7f4b2c50b0a4

SHA256
4a7a75029302ca0fa47ead1fa324280ac702f3f1850b76e483773c7ec6a24698

SHA512
1a01cbced7860465cfbd57ff0c20a13b85c47c98e34b1d3c05126311bf3741423dde10ed6657970c003ff24b39510fa4ddf9a499d2f90234d4497ca493f45191

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
77a88d5811b49aabc27a00a410fa63a4

SHA1
90f7596d3f419868f73d6774629e01d758d8c3bd

SHA256
1433c925e25bb8c11499e22087bbe5e283837f6eedf5814f6a0ad7d2f5abc822

SHA512
2530bf3efdec4ee536ba2b40c08c49945539471b6e26153e2af42847a2cae500867be644b2473b28c6726c1c4b39c02eeb67f2852956918efddab3cf84c72dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
436d68f35843a7a184ae3fe3a3a2b552

SHA1
ccfda06475d635247c7837a7288b348027b4bfa1

SHA256
a9532248e4f008c8273f3ef507fdc1ba607a3e3349c99e06f0f23f221c34ca3e

SHA512
adb44b88adfc17aef71cb5b6f0805abd09fe06c045ee25b4df8479b48ce44f0854d9de0b484abed6ee9cdac2f299d5246a98ad3d2ad9eed543fd71580e616fa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
bebc96735ab79625f650b7481e47ad93

SHA1
ecd328ad6a1e0214d5aa96abb9e9d5f99bdb7ded

SHA256
1f09f8d248a0ed567a3c4b26eed502c1b158feaff84a847853489ac82bde4521

SHA512
66069cac3a11128ba33f8797b616e170f4b60cd40db29f385e489910074bdabab0aa9748f9b2fd6c6fe1a24504310417406653a7074c15a7f5419620dd6f000d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
f02083b8c5757fa684456a98aa080f35

SHA1
b2f1431bd1121dadde8ba62f3c0c98f87e01c940

SHA256
14fec6888d510468a96e5bb049f011d0d36c7882fa9b6e1fb4c1fe9cb3c5a52e

SHA512
b017a3a91201d2a265ea75de00ff6cdc2cd95c4019790c431def5c4cf17e6602945145192c02b6bc36462519fb0a1fc0f6ec2f207cef3f868d25157dfffe0a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
c51d9cc1e4bc02cbda0f24799ca2d6bf

SHA1
2adb557d5eed25c91bbdb3ce8c727ea3583645be

SHA256
b65397046ead99f0e13f6ac023ba0637d50f987a567721dbd9e28de70b4f3735

SHA512
a92f4c418f1b57fff3d6be5604e3ac04e033f5ed946ce7b4a101f0621be59480c0ff7332957810b2d03a311a79a001bdb789a1c1bffa38dd82937adb478b9f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
dcc2d734f62b695562dbbd637d91baee

SHA1
27e64718d7cc09ac632d86ecac4bcd8c2bba712c

SHA256
e7c87091f4531df6ea96a3fdc9f50cc69b81bb46b107b3f3972c4aecc94d1d51

SHA512
d9c23dfdb101a8bc8f1f42c52e45381e8c24e4ec8fbd6d43037a47669a261944473c6871394a3fea1509521d30e697da23d976a67b4ae28320f2ae89c7b23f49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
fb20b39c4c087dec48ea0841511a4021

SHA1
90e4620db8e22a5e21677b809e77e730f22d1a33

SHA256
3d07a7be51e433b0b0bb8c7b6cd53473444b3738f26e5c6ecaadf1d6a0b2b250

SHA512
d310a875fc186fcf0bdff9c6aec3de08947c655eb6d5a33160c39e07cffa3c514320122bffe36d9b26f7f9e7bf9fe70b0c9b44654dbbdff918ea4cba839135b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7
Filesize
8B

MD5
83fb2a850a7fce6d48f20c8dfbf2c660

SHA1
d2fd7d634dc2fcb92102fedd70ed07ca3533bcd1

SHA256
083772ae690685b85d34dfd67ea24d79e8607e8f7fc14a4ab2f22d31be685184

SHA512
c8e18ea048af4a2968629f1f3284e33b00deaba253e5d3e45e550983ff721e8a4540ef71e6ff9cef0926ce83e07a7065edcf1fb4e107f50e29eb5db9a4e2a695

Download Submit
\Users\Admin\AppData\Roaming\SERVER.EXE
Filesize
92KB

MD5
dee461224367a4c1c4ad37cadb2d250a

SHA1
9a3448765b26499be66a9e0947be3f13ad3be0be

SHA256
7072b080b6bd3e65608b0cd11148af79aadb18a7a1a9464f814828841788b06e

SHA512
b023b4ed4b214775d64a1483619a9904d186fe15082ecdbc85062c32dc639329b86d8314645d8c0b24161b079d47b3c385ff81249367b1a2871638c6186b178c

Download Submit
memory/1188-18-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/1936-1-0x0000000000370000-0x0000000000372000-memory.dmp

Filesize
8KB

Download
memory/2296-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2296-878-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2296-2-0x0000000000130000-0x0000000000132000-memory.dmp

Filesize
8KB

Download
memory/2376-1674-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/2376-284-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2376-285-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2376-556-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/3052-852-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download
memory/3052-2115-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download