General

  • Target

    ab12c2635fbbe02753c1317cb8db8b92.exe

  • Size

    352KB

  • Sample

    240107-x1mdvsdbg2

  • MD5

    ab12c2635fbbe02753c1317cb8db8b92

  • SHA1

    7be1f5b257f45eae08ec4aef542b522757b3a3e2

  • SHA256

    e12c57ffa10b4e30dbeae355b716710a3d4210c0abba414b7524235df19ce011

  • SHA512

    b371ec7b1eeab7b204972e8f40e614a21da136c2027305f095b8f743456735d8f37f73a069a981edd7c1d9e5ab8ef511cbf86e50cac08f4f8b55c654b080fd3f

  • SSDEEP

    6144:vcfILdjIYM5f87c3fdEoHWNVqV4EeEXCFbpGtU8dXP4dojcu4jZCbglo9:v+ILdsv5E8fdEoHWNMV+aCBktUKXXjcL

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

hans

C2

antivir.no-ip.biz:608

Mutex

6V5K21L6E8L868

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    explorer.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123456789

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Suspicious use of SetThreadContext
