cybergate | e2b97a5b474cbab359bcb16c2cbe6bbf0b18190feb9790916f18ad8d5cd66586 | Triage

Submit
Reports

Overview

overview

Static

static

3

abda5b2ed5...3e.exe

windows7-x64

abda5b2ed5...3e.exe

windows10-2004-x64

Sharing

General

Target

abda5b2ed5d946a343b27ea27b1ccf3e
Size

332KB
Sample

240228-pd5b6abc32
MD5

abda5b2ed5d946a343b27ea27b1ccf3e
SHA1

e3330cf1e3daaae54b9160c60f94b3269d6c1f82
SHA256

e2b97a5b474cbab359bcb16c2cbe6bbf0b18190feb9790916f18ad8d5cd66586
SHA512

82badf7e1c214357b3a0d021cf09efcb129381c1002d4f60f988b2abe68ba48bd23c51af67525ac020522676d5d602181fa8929949b1637053e043a1f7ae8752
SSDEEP

6144:JNLJzaQMJu4NgX1UWMlOvYSWctgHf7lJe/DhSnFCxzAd:JNLJz8Juk4iWMlOvv+TQ4nAo

Score

10^/10

cybergate victim evasion persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

abda5b2ed5d946a343b27ea27b1ccf3e.exe

Resource

win7-20240221-en

cybergate victim evasion persistence stealer trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

abda5b2ed5d946a343b27ea27b1ccf3e.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Victim

C2

connecting.no-ip.info:35437

Mutex

MD6J11V77EXF25

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
services
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
qqq
regkey_hkcu
MicrosoftXML
regkey_hklm
WinDefender

Targets

- Target
  
  abda5b2ed5d946a343b27ea27b1ccf3e
- Size
  
  332KB
- MD5
  
  abda5b2ed5d946a343b27ea27b1ccf3e
- SHA1
  
  e3330cf1e3daaae54b9160c60f94b3269d6c1f82
- SHA256
  
  e2b97a5b474cbab359bcb16c2cbe6bbf0b18190feb9790916f18ad8d5cd66586
- SHA512
  
  82badf7e1c214357b3a0d021cf09efcb129381c1002d4f60f988b2abe68ba48bd23c51af67525ac020522676d5d602181fa8929949b1637053e043a1f7ae8752
- SSDEEP
  
  6144:JNLJzaQMJu4NgX1UWMlOvYSWctgHf7lJe/DhSnFCxzAd:JNLJz8Juk4iWMlOvv+TQ4nAo
Score

10^/10

cybergate victim evasion persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergatevictimevasionpersistencestealertrojanupx

behavioral2

© 2018-2024

Terms | Privacy