General
-
Target
94016b88f4f1a15e7039a81e7c0bbc3c
-
Size
576KB
-
Sample
240206-gs7rtsaffk
-
MD5
94016b88f4f1a15e7039a81e7c0bbc3c
-
SHA1
84b4b8ddfb5d0677c254fe7b75eab4a2f743f532
-
SHA256
e64269140f55c064df212bd5d48c6b04b85b666ac8ebc7b7d56ed524ef34e510
-
SHA512
d0bed04d582a0ce22073f27ff16103e2040b231f51d0b839a767fa46d36a221b96064a177ca53d4c4aec1564a68a1df3fde6281d559672174715c8ca922dfd2c
-
SSDEEP
12288:CvsqhlMDbXL1L8eds+7W2bsRoqt//dyuFy47XHwe/rI:Is4+1L8QiTOe1yunDHwe/r
Malware Config
Extracted
cybergate
v1.02.0
Cyber
proscamer.office-on-the.net:43594
02000VO2735L4T
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
zoostorm
Targets
-
-
Target
94016b88f4f1a15e7039a81e7c0bbc3c
-
Size
576KB
-
MD5
94016b88f4f1a15e7039a81e7c0bbc3c
-
SHA1
84b4b8ddfb5d0677c254fe7b75eab4a2f743f532
-
SHA256
e64269140f55c064df212bd5d48c6b04b85b666ac8ebc7b7d56ed524ef34e510
-
SHA512
d0bed04d582a0ce22073f27ff16103e2040b231f51d0b839a767fa46d36a221b96064a177ca53d4c4aec1564a68a1df3fde6281d559672174715c8ca922dfd2c
-
SSDEEP
12288:CvsqhlMDbXL1L8eds+7W2bsRoqt//dyuFy47XHwe/rI:Is4+1L8QiTOe1yunDHwe/r
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-