cybergate | 6907e4bc6c2908d39ea2a745b1e86aad2ec1ad76bb9a8f559ca5ee55931407a8 | Triage

Submit
Reports

Overview

overview

Static

static

3

d4dfb2b316...07.exe

windows7-x64

d4dfb2b316...07.exe

windows10-2004-x64

Sharing

General

Target

d4dfb2b31675c0cb52b79c62df302e07
Size

312KB
Sample

240319-bxna4aee5y
MD5

d4dfb2b31675c0cb52b79c62df302e07
SHA1

7f6e63b63b5afd067f61fabcab8da273a24f26a0
SHA256

6907e4bc6c2908d39ea2a745b1e86aad2ec1ad76bb9a8f559ca5ee55931407a8
SHA512

6f5259822b06c834b4c49ea7204721a51bc10e44758b473d89205cef1459451b69fefb1dbd3994506c7377256c7595cf38966fbfd124a1c51df12fd4420fff6c
SSDEEP

6144:KvkamA2MKgT8KbZ1ZO0MS1lxTgstF3LO6U8j5lB+oosThXe2:KvkaVRl8k/ZOq5PtFLV5lUoRb

Score

10^/10

cybergate öííé persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d4dfb2b31675c0cb52b79c62df302e07.exe

Resource

win7-20240221-en

cybergate öííé persistence stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d4dfb2b31675c0cb52b79c62df302e07.exe

Resource

win10v2004-20240226-en

cybergate öííé persistence stealer trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

127.0.0.1:288

Mutex

***MUTEX***

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
svchost.exe
install_file
windows.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
t?tulo da mensagem
password
abcd1234

Targets

- Target
  
  d4dfb2b31675c0cb52b79c62df302e07
- Size
  
  312KB
- MD5
  
  d4dfb2b31675c0cb52b79c62df302e07
- SHA1
  
  7f6e63b63b5afd067f61fabcab8da273a24f26a0
- SHA256
  
  6907e4bc6c2908d39ea2a745b1e86aad2ec1ad76bb9a8f559ca5ee55931407a8
- SHA512
  
  6f5259822b06c834b4c49ea7204721a51bc10e44758b473d89205cef1459451b69fefb1dbd3994506c7377256c7595cf38966fbfd124a1c51df12fd4420fff6c
- SSDEEP
  
  6144:KvkamA2MKgT8KbZ1ZO0MS1lxTgstF3LO6U8j5lB+oosThXe2:KvkaVRl8k/ZOq5PtFLV5lUoRb
Score

10^/10

cybergate öííé persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergateöííépersistencestealertrojanupx

behavioral2

cybergateöííépersistencestealertrojanupx

© 2018-2024

Terms | Privacy