General

  • Target

    cb7fe5c4fd701c801cdbb2aa43064eb1

  • Size

    531KB

  • Sample

    240315-qf6hnsha71

  • MD5

    cb7fe5c4fd701c801cdbb2aa43064eb1

  • SHA1

    f797f4cb86a1f263aae074c8537492537f212aaa

  • SHA256

    958dca456db4def1ae8f9b23d7c813fd86b7cecbc3623d1450f041be96cf4253

  • SHA512

    dbb6d1e6911b79e09e4bd648b73f40f4f6328d888b4d0a63408bbd56462673b806616d556eb352b0f9f0673a272713161eab43ceb6fdc65898d6b24804ea57be

  • SSDEEP

    12288:Iu/uLTBJeH87GAf11beNXJw5U9lr5ARRsqxKMybc:p/wJW87BL6w5cruiqxt

Malware Config

Extracted

  • Family

    cybergate

  • Version

    v1.07.0

  • Botnet

    ggggggggggg

  • C2

    esam2at.no-ip.biz:246

  • Mutex

    PRUEBA

Attributes

  • enable_keylogger

    false

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    PRUEBA

  • install_file

    PRUEBA.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    1234567

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
