General

  • Target

    cb1349b01069f8a2b05cd70be4ad1ed1

  • Size

    272KB

  • Sample

    240315-llawqsda9t

  • MD5

    cb1349b01069f8a2b05cd70be4ad1ed1

  • SHA1

    8ebe057f4624d6ccab495bcb622b7ad224669e3d

  • SHA256

    bd772e1f284f4766c9d15a63fc8558928f2280752a300422db83543d7b3d9850

  • SHA512

    f97af2995c7bb210717149e0fe3cc72028a4518fb25410f2b45c55525f0b249ac240ae6c62d62c3c6d5ff523990b72aff6f1e7cfea6c0eca0d4e3fa792cec09c

  • SSDEEP

    6144:vk4qmFLiss/qp0gv7TX172YJJCStmvVja+1SetCOO:c9JHUD9az4mvKOCx

Malware Config

Extracted

  • Family

    cybergate

  • Version

    2.6

  • Botnet

    vítima

  • C2

    127.0.0.1:81

  • Mutex

    ***server***

Attributes

  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    no file

  • message_box_title

    test

  • password

    abcd1234

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks