cybergate | 96f08716a1a80edbcc4a9b013a45e57b6822ca678faf73b88d454d57eea5e7b0 | Triage

Submit
Reports

Overview

overview

Static

static

ab0116b2c7...af.exe

windows7-x64

ab0116b2c7...af.exe

windows10-2004-x64

Sharing

General

Target

ab0116b2c7afb51c3d340d6155ba8eaf
Size

290KB
Sample

240228-e4bsesbb35
MD5

ab0116b2c7afb51c3d340d6155ba8eaf
SHA1

b04845dacae031fea7296b87b75fa748ed41eeab
SHA256

96f08716a1a80edbcc4a9b013a45e57b6822ca678faf73b88d454d57eea5e7b0
SHA512

220c3f574182d36859ddcd933bbd5d3e9e01f8dfedd4376afb40f99c375aa4a5ffc329beaa2296e634f674be2c910ab3c1f0f9e7b8c602b1fdc9d1bd112e727c
SSDEEP

6144:5mcD66R7i5JGmrpQsK3RD2u270jupCJsCxC:ccD66dZ2zkPaCx

Score

10^/10

cybergate server persistence stealer trojan upx

Static task

static1

server cybergate

2 signatures

Behavioral task

behavioral1

Sample

ab0116b2c7afb51c3d340d6155ba8eaf.exe

Resource

win7-20240220-en

cybergate server persistence stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab0116b2c7afb51c3d340d6155ba8eaf.exe

Resource

win10v2004-20240226-en

cybergate server persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Server

C2

marwan.no-ip.biz:82

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
spynet
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  ab0116b2c7afb51c3d340d6155ba8eaf
- Size
  
  290KB
- MD5
  
  ab0116b2c7afb51c3d340d6155ba8eaf
- SHA1
  
  b04845dacae031fea7296b87b75fa748ed41eeab
- SHA256
  
  96f08716a1a80edbcc4a9b013a45e57b6822ca678faf73b88d454d57eea5e7b0
- SHA512
  
  220c3f574182d36859ddcd933bbd5d3e9e01f8dfedd4376afb40f99c375aa4a5ffc329beaa2296e634f674be2c910ab3c1f0f9e7b8c602b1fdc9d1bd112e727c
- SSDEEP
  
  6144:5mcD66R7i5JGmrpQsK3RD2u270jupCJsCxC:ccD66dZ2zkPaCx
Score

10^/10

cybergate server persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

servercybergate

behavioral1

cybergateserverpersistencestealertrojanupx

behavioral2

cybergateserverpersistencestealertrojanupx

© 2018-2024

Terms | Privacy