General

  • Target

    cb3d61a50f9ec108460a129b82f26255

  • Size

    424KB

  • Sample

    240315-m5x12sgh76

  • MD5

    cb3d61a50f9ec108460a129b82f26255

  • SHA1

    a939b026c6d28f1035e73c03f936b5e03dd50f9d

  • SHA256

    5d7582da770bb1549bcbb86351d381f9eb6d09da228edd50962eb091705b1e2e

  • SHA512

    3fd7fd5aaf726e02f198a277d183c97bd9cc69fd918bb710b3ce6bb2c86ec02fff84cd0dff97077691ffff8d752d3efad246f2ce51986ac240d472ba67523fd1

  • SSDEEP

    12288:3/E/KTEEr5W/KEYdUhMoeFFnlUvIxPFJERRoEo1UkUxJl:Te1mhnivIxPFJEzoEoel

Malware Config

Extracted

  • Family

    cybergate

  • Version

    v1.01.17

  • Botnet

    Microsoft

  • C2

    streppone.no-ip.biz:1640

  • Mutex

    CyberGate1

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    Windows-Explorer

  • install_dir

    Windows-Explorer

  • install_file

    Windows-Explorer

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123456

Targets

    • Target

      cb3d61a50f9ec108460a129b82f26255

    • Size

      424KB

    • MD5

      cb3d61a50f9ec108460a129b82f26255

    • SHA1

      a939b026c6d28f1035e73c03f936b5e03dd50f9d

    • SHA256

      5d7582da770bb1549bcbb86351d381f9eb6d09da228edd50962eb091705b1e2e

    • SHA512

      3fd7fd5aaf726e02f198a277d183c97bd9cc69fd918bb710b3ce6bb2c86ec02fff84cd0dff97077691ffff8d752d3efad246f2ce51986ac240d472ba67523fd1

    • SSDEEP

      12288:3/E/KTEEr5W/KEYdUhMoeFFnlUvIxPFJERRoEo1UkUxJl:Te1mhnivIxPFJEzoEoel

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks