General

  • Target

    93d545ac6042ba5a9c5df4d2340ff747

  • Size

    302KB

  • Sample

    240206-e8fbeahcdr

  • MD5

    93d545ac6042ba5a9c5df4d2340ff747

  • SHA1

    0a7f283d0189360889a27a64b88281069249ffbd

  • SHA256

    87721019005839a7594986e1d40dbf88ad213439e2572518806b5193e2c0bc5a

  • SHA512

    7f7c3b98261afd3e419f14f05518254ff4c25a2fe1c99c02676e273bc43f243b0c6a8647e2e6d895c80172351de4c6fabe693c5146f9c4538673a77d9ed2e475

  • SSDEEP

    6144:ocVife4PlVifpenEVshiYWKW1LRnt4PEAPHOGfX5kHYvCP06O3Wcy/T/3nK23Js9:xVife4PlVifpenEVshiYWKW1LRnt4PEi

Malware Config

Extracted

Family

cybergate

Version

2.5

Botnet

vítima

C2

mierda.no-ip.org:8080

asdd.zapto.org:8080

dasdasdas.zapto.org:8080

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    sis

  • install_file

    sis34.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Se he producido un error critico en el programa, pruebe a reiniciarlo en modo de compatibilidad

  • message_box_title

    Codigo de error 4xCg7f

  • password

    1234

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • Target

      93d545ac6042ba5a9c5df4d2340ff747

    • Size

      302KB

    • MD5

      93d545ac6042ba5a9c5df4d2340ff747

    • SHA1

      0a7f283d0189360889a27a64b88281069249ffbd

    • SHA256

      87721019005839a7594986e1d40dbf88ad213439e2572518806b5193e2c0bc5a

    • SHA512

      7f7c3b98261afd3e419f14f05518254ff4c25a2fe1c99c02676e273bc43f243b0c6a8647e2e6d895c80172351de4c6fabe693c5146f9c4538673a77d9ed2e475

    • SSDEEP

      6144:ocVife4PlVifpenEVshiYWKW1LRnt4PEAPHOGfX5kHYvCP06O3Wcy/T/3nK23Js9:xVife4PlVifpenEVshiYWKW1LRnt4PEi

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks