cybergate | e1f165f93607ca874c6fbc1105ffece7d20f8e03ea4a014934704d989cfe4a11 | Triage

Submit
Reports

Overview

overview

Static

static

3

b3dcb674d0...1e.exe

windows7-x64

b3dcb674d0...1e.exe

windows10-2004-x64

Sharing

General

Target

b3dcb674d0bb97b1cf33ebfc0f5a6f1e
Size

458KB
Sample

240305-fthcwsfh46
MD5

b3dcb674d0bb97b1cf33ebfc0f5a6f1e
SHA1

f4e286cfb6f57de9b045ef7893332d9c5a44d39a
SHA256

e1f165f93607ca874c6fbc1105ffece7d20f8e03ea4a014934704d989cfe4a11
SHA512

48a0e47bebd4a006f474219f0d88b0809cdcda51bc8ad324343b6744889b71589cd3279d65c6aac81f5f4cdf4c3d2c65c21ede1e12c268eed92f2dde3ef46584
SSDEEP

6144:okKi3v6hBK4H1VLCmjmy8PUGrMGB6NZSlbluc2bCZlhOKsFnAPDDNVTu0cK+se:okxvyXRVmy3Gr4NElpXtbsezTu0cK

Score

10^/10

cybergate cyber persistence spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b3dcb674d0bb97b1cf33ebfc0f5a6f1e.exe

Resource

win7-20240221-en

cybergate cyber persistence spyware stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

b3dcb674d0bb97b1cf33ebfc0f5a6f1e.exe

Resource

win10v2004-20240226-en

cybergate cyber persistence spyware stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Cyber

C2

vardeath.zapto.org:1235

Mutex

PK261NR362L7D7

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456

Targets

- Target
  
  b3dcb674d0bb97b1cf33ebfc0f5a6f1e
- Size
  
  458KB
- MD5
  
  b3dcb674d0bb97b1cf33ebfc0f5a6f1e
- SHA1
  
  f4e286cfb6f57de9b045ef7893332d9c5a44d39a
- SHA256
  
  e1f165f93607ca874c6fbc1105ffece7d20f8e03ea4a014934704d989cfe4a11
- SHA512
  
  48a0e47bebd4a006f474219f0d88b0809cdcda51bc8ad324343b6744889b71589cd3279d65c6aac81f5f4cdf4c3d2c65c21ede1e12c268eed92f2dde3ef46584
- SSDEEP
  
  6144:okKi3v6hBK4H1VLCmjmy8PUGrMGB6NZSlbluc2bCZlhOKsFnAPDDNVTu0cK+se:okxvyXRVmy3Gr4NElpXtbsezTu0cK
Score

10^/10

cybergate cyber persistence spyware stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Nirsoft
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergatecyberpersistencespywarestealertrojanupx

behavioral2

cybergatecyberpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy