cybergate | f29ab36f7c3387e7ad4615d5427ddc14c2bfdb427ef7ad6b579cda272b7b61de | Triage

Submit
Reports

Overview

overview

Static

static

3

78935c66e2...18.exe

windows7-x64

78935c66e2...18.exe

windows10-2004-x64

Sharing

General

Target

78935c66e2ecd70a8a5c1fd3d9d9d9d2_JaffaCakes118
Size

288KB
Sample

240401-ycf3lsde6z
MD5

78935c66e2ecd70a8a5c1fd3d9d9d9d2
SHA1

934243513fbc4078b4389f0a68365398f1350838
SHA256

f29ab36f7c3387e7ad4615d5427ddc14c2bfdb427ef7ad6b579cda272b7b61de
SHA512

adbaff0e2efed5fe1d75ce4d5ed1a63220da12f73f0df438ee6de6f3dbf5a57cb9b73f7692d125e8b82ccd87f1a061fae2d7c9b3bbe62a2d00e934c34b5d32a9
SSDEEP

6144:bNjzntMXVUoPVSQ+5j8q2LWwX/g8se+8FrJG6O1mxiP:bBWUo9SQ+5j8uwvg3YO6O1X

Score

10^/10

cybergate lammer stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

78935c66e2ecd70a8a5c1fd3d9d9d9d2_JaffaCakes118.exe

Resource

win7-20240221-en

cybergate lammer stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

78935c66e2ecd70a8a5c1fd3d9d9d9d2_JaffaCakes118.exe

Resource

win10v2004-20240226-en

cybergate lammer stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.02.1

Botnet

Lammer

C2

127.0.0.1:81

Mutex

Pluguin

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./
ftp_interval
30
injected_process
explorer.exe
install_dir
Microsoft
install_file
Pluguin.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO.
message_box_title
LAMMER
password
fd

Targets

- Target
  
  78935c66e2ecd70a8a5c1fd3d9d9d9d2_JaffaCakes118
- Size
  
  288KB
- MD5
  
  78935c66e2ecd70a8a5c1fd3d9d9d9d2
- SHA1
  
  934243513fbc4078b4389f0a68365398f1350838
- SHA256
  
  f29ab36f7c3387e7ad4615d5427ddc14c2bfdb427ef7ad6b579cda272b7b61de
- SHA512
  
  adbaff0e2efed5fe1d75ce4d5ed1a63220da12f73f0df438ee6de6f3dbf5a57cb9b73f7692d125e8b82ccd87f1a061fae2d7c9b3bbe62a2d00e934c34b5d32a9
- SSDEEP
  
  6144:bNjzntMXVUoPVSQ+5j8q2LWwX/g8se+8FrJG6O1mxiP:bBWUo9SQ+5j8uwvg3YO6O1X
Score

10^/10

cybergate lammer stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergatelammerstealertrojanupx

behavioral2

cybergatelammerstealertrojanupx

© 2018-2024

Terms | Privacy