cybergate | 3a6a06e226eb789f793a0dcbd44fdbdd7cde21c06cf14a80899170c37a402397 | Triage

Submit
Reports

Overview

overview

Static

static

52f66201ca...1c.exe

windows7-x64

52f66201ca...1c.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

52f66201cae362b3806526075cbc111c
Size

344KB
Sample

240111-jrv3racafk
MD5

52f66201cae362b3806526075cbc111c
SHA1

d97956da650316aa217922cf66ece7341128e1ec
SHA256

3a6a06e226eb789f793a0dcbd44fdbdd7cde21c06cf14a80899170c37a402397
SHA512

04a3de8cfd18a07ddac3d234ec454024ac04d562efa79fab476546a833c0a7262f569259539eb35f96ca4f71ebbdd0e47d6c7c7b0fbc59ad19eecc1c264e43ed
SSDEEP

6144:DmcD66Rz5JGmrpQsK3RD2u270jupCJsCxC3I37Ni2:6cD66AZ2zkPaCx3

Score

10^/10

cybergate vítima persistence stealer trojan upx

Static task

static1

upx vítima cybergate

3 signatures

Behavioral task

behavioral1

Sample

52f66201cae362b3806526075cbc111c.exe

Resource

win7-20231215-en

cybergate vítima persistence stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

52f66201cae362b3806526075cbc111c.exe

Resource

win10v2004-20231215-en

cybergate vítima persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

192.168.1.10:83

jojojojo666.no-ip.biz:83

duvannt.no-ip.biz:83

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
spynet
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  52f66201cae362b3806526075cbc111c
- Size
  
  344KB
- MD5
  
  52f66201cae362b3806526075cbc111c
- SHA1
  
  d97956da650316aa217922cf66ece7341128e1ec
- SHA256
  
  3a6a06e226eb789f793a0dcbd44fdbdd7cde21c06cf14a80899170c37a402397
- SHA512
  
  04a3de8cfd18a07ddac3d234ec454024ac04d562efa79fab476546a833c0a7262f569259539eb35f96ca4f71ebbdd0e47d6c7c7b0fbc59ad19eecc1c264e43ed
- SSDEEP
  
  6144:DmcD66Rz5JGmrpQsK3RD2u270jupCJsCxC3I37Ni2:6cD66AZ2zkPaCx3
Score

10^/10

cybergate vítima persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxvítimacybergate

behavioral1

cybergatevítimapersistencestealertrojanupx

behavioral2

cybergatevítimapersistencestealertrojanupx

© 2018-2025

Terms | Privacy