cybergate | 15dd6e4913fa2de118cfe56bea7a15f5264a9feda3dda9373d5d2981728f5a0e | Triage

Sharing

General

Target

e829ad3e13935f21899d5c16cc723d07_JaffaCakes118
Size

684KB
Sample

240408-xgtntsbh6v
MD5

e829ad3e13935f21899d5c16cc723d07
SHA1

2330e10c112b7d5ee02e4557a6bd2590fde99617
SHA256

15dd6e4913fa2de118cfe56bea7a15f5264a9feda3dda9373d5d2981728f5a0e
SHA512

da3922f8484719fb5fd5fcc209eaf2a760b1c10722f5d1807ae9e3153078e35192e7947ae36c937f590d6ffccb33a69101c751d0b115a9292f9fb111a14b8a26
SSDEEP

12288:DPFzj9Jz9qzbYiVg+E762qDFfQEXQF5gYfxDzV4Fb087pVyYZODwGlFstLT9RG+g:D9MNDHotFyY5CyLxEBWuY

Score

10^/10

cybergate remote persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

bott.zapto.org:1650

Mutex

XPL5L1UKX4PEIU

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Targets

- Target
  
  e829ad3e13935f21899d5c16cc723d07_JaffaCakes118
- Size
  
  684KB
- MD5
  
  e829ad3e13935f21899d5c16cc723d07
- SHA1
  
  2330e10c112b7d5ee02e4557a6bd2590fde99617
- SHA256
  
  15dd6e4913fa2de118cfe56bea7a15f5264a9feda3dda9373d5d2981728f5a0e
- SHA512
  
  da3922f8484719fb5fd5fcc209eaf2a760b1c10722f5d1807ae9e3153078e35192e7947ae36c937f590d6ffccb33a69101c751d0b115a9292f9fb111a14b8a26
- SSDEEP
  
  12288:DPFzj9Jz9qzbYiVg+E762qDFfQEXQF5gYfxDzV4Fb087pVyYZODwGlFstLT9RG+g:D9MNDHotFyY5CyLxEBWuY
Score

10^/10

cybergate remote persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergateremotepersistencestealertrojanupx

behavioral2

cybergateremotepersistencestealertrojanupx