General

  • Target

    c229de8151b28c1da808a30dd3c2ee51

  • Size

    387KB

  • Sample

    240312-cbz87sef89

  • MD5

    c229de8151b28c1da808a30dd3c2ee51

  • SHA1

    4d77a2d1635f49dc6c6c2bb1696de57db97e9b4d

  • SHA256

    b21705a308732e66dfec5cb4e1056b2cecd94e8e7cf25d11459accca2dde47f5

  • SHA512

    86cfe381edcb2417c9f602843f45d5ee7e2c3520f3d8dbff090dc684a4aacab3c3d452e175455eac8999336e6fd5884cc6d3ff87a15aa0db7807f11a36d09ac8

  • SSDEEP

    6144:2Y9uzgcU7MMjwWJyJ4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijJ:2Yszgc7MjR0Wy78QSVnNyhsFMCeSjJ

Malware Config

Extracted

  • Family

    cybergate

  • Version

    v1.18.0 - Crack Version

  • Botnet

    remote

  • C2

    127.0.0.1:82

  • Mutex

    000C660SMGAV0V

Attributes
  • enable_keylogger

    false

  • enable_message_box

    false

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    false

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13