cybergate | 6d8e272766011d93b5ff3f9aec01d5260482bc9ad3bda5acdd994c4c27832cd3 | Triage

Submit
Reports

Overview

overview

Static

static

3

d6133e92a0...d2.exe

windows7-x64

d6133e92a0...d2.exe

windows10-2004-x64

Sharing

General

Target

d6133e92a061f48e0bc1d394f865f9d2
Size

755KB
Sample

240319-pbptpabg43
MD5

d6133e92a061f48e0bc1d394f865f9d2
SHA1

cdf7cce3c8bbad13fb2a9a5b78df05c354575931
SHA256

6d8e272766011d93b5ff3f9aec01d5260482bc9ad3bda5acdd994c4c27832cd3
SHA512

58dfead23cf8b6add8186381fac770056783dbd867af48c4a5fb9c6b84223382d3b0c157b3b7889b174cb63560b5574b3fbdd56babe03d74dc980666c71bbcb0
SSDEEP

12288:bfOQa7XN+g40/hazULOKj2XZPrqcN4za1sy95AJASIM7ofDbrvmWd54+oiJsUADz:LObX+0/hazULOKj2XZr4zjy95AuSGfFm

Score

10^/10

cybergate test persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d6133e92a061f48e0bc1d394f865f9d2.exe

Resource

win7-20240221-en

cybergate test persistence stealer trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

d6133e92a061f48e0bc1d394f865f9d2.exe

Resource

win10v2004-20231215-en

cybergate test persistence stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Test

C2

127.0.0.1:81

Mutex

***MUTEX****

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
1111
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  d6133e92a061f48e0bc1d394f865f9d2
- Size
  
  755KB
- MD5
  
  d6133e92a061f48e0bc1d394f865f9d2
- SHA1
  
  cdf7cce3c8bbad13fb2a9a5b78df05c354575931
- SHA256
  
  6d8e272766011d93b5ff3f9aec01d5260482bc9ad3bda5acdd994c4c27832cd3
- SHA512
  
  58dfead23cf8b6add8186381fac770056783dbd867af48c4a5fb9c6b84223382d3b0c157b3b7889b174cb63560b5574b3fbdd56babe03d74dc980666c71bbcb0
- SSDEEP
  
  12288:bfOQa7XN+g40/hazULOKj2XZPrqcN4za1sy95AJASIM7ofDbrvmWd54+oiJsUADz:LObX+0/hazULOKj2XZr4zjy95AuSGfFm
Score

10^/10

cybergate test persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergatetestpersistencestealertrojanupx

behavioral2

cybergatetestpersistencestealertrojanupx

© 2018-2024

Terms | Privacy