cybergate | e124cb8204301b3f7e298604a3dfa04227c5145f4429bca273d6b2527bee85d6 | Triage

Sharing

General

Target

77f5c0427c0af031c7fcd4f87683ec73
Size

484KB
Sample

240126-v4wetsagg2
MD5

77f5c0427c0af031c7fcd4f87683ec73
SHA1

9ce7a351e285c52c3291b03e13c21af746c60050
SHA256

e124cb8204301b3f7e298604a3dfa04227c5145f4429bca273d6b2527bee85d6
SHA512

99b4a515da3c3db17ce93e5078fd13bd452b4374281440fe8299a3457a97e8c6d4d619a3df8f8135c409a95c9b4eb2aecf9d938ef0882b2c16282b140d8088bd
SSDEEP

12288:J8V0RDQdD9yMRqOm91EkHewncPKdbWUhvGQAHe8fAIwgw4lAAx9BhmroAi:JozdD9rqOUvHhncibWUhuHe8fAIwgw4G

Score

10^/10

cybergate spy persistence stealer trojan

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Spy

C2

82.242.250.193:81

82.242.250.193:82

82.242.250.193:83

Mutex

5D0SS5G3R0D6S6DH0T2S

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Java
install_file
JavaUdapter.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234

Targets

- Target
  
  77f5c0427c0af031c7fcd4f87683ec73
- Size
  
  484KB
- MD5
  
  77f5c0427c0af031c7fcd4f87683ec73
- SHA1
  
  9ce7a351e285c52c3291b03e13c21af746c60050
- SHA256
  
  e124cb8204301b3f7e298604a3dfa04227c5145f4429bca273d6b2527bee85d6
- SHA512
  
  99b4a515da3c3db17ce93e5078fd13bd452b4374281440fe8299a3457a97e8c6d4d619a3df8f8135c409a95c9b4eb2aecf9d938ef0882b2c16282b140d8088bd
- SSDEEP
  
  12288:J8V0RDQdD9yMRqOm91EkHewncPKdbWUhvGQAHe8fAIwgw4lAAx9BhmroAi:JozdD9rqOUvHhncibWUhuHe8fAIwgw4G
Score

10^/10

cybergate spy persistence stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatespypersistencestealertrojan

behavioral2

cybergatespystealertrojan