cybergate | 6b28045633140184f9bc67b77b8d54c81d8ccbb7b35559f9bcdf630ac356ffca | Triage

Submit
Reports

Overview

overview

Static

static

e9a284dab8...18.exe

windows7-x64

e9a284dab8...18.exe

windows10-2004-x64

8

Sharing

General

Target

e9a284dab8128f5dcdacb15305d7cc1c_JaffaCakes118
Size

296KB
Sample

240409-k1q1tsef2x
MD5

e9a284dab8128f5dcdacb15305d7cc1c
SHA1

600c81170f9260c82d80b1af8653855d034776b1
SHA256

6b28045633140184f9bc67b77b8d54c81d8ccbb7b35559f9bcdf630ac356ffca
SHA512

202b1141b2e5efb1325078729a8e03bf7304c2dcc5c00117e9d3a2538f4f38e270f0335e2b73fe086f71f68cd47c58187f5d7a9946ce1122de37c326915fdc4e
SSDEEP

6144:/OpslFlqWhdBCkWYxuukP1pjSKSNVkq/MVJbJ:/wsl/TBd47GLRMTbJ

Score

10^/10

cybergate remote persistence stealer trojan upx

Static task

static1

remote cybergate

2 signatures

Behavioral task

behavioral1

Sample

e9a284dab8128f5dcdacb15305d7cc1c_JaffaCakes118.exe

Resource

win7-20240220-en

cybergate remote persistence stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e9a284dab8128f5dcdacb15305d7cc1c_JaffaCakes118.exe

Resource

win10v2004-20240226-en

persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

gr.no-ip.biz:83

Mutex

CyberGate1

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Targets

- Target
  
  e9a284dab8128f5dcdacb15305d7cc1c_JaffaCakes118
- Size
  
  296KB
- MD5
  
  e9a284dab8128f5dcdacb15305d7cc1c
- SHA1
  
  600c81170f9260c82d80b1af8653855d034776b1
- SHA256
  
  6b28045633140184f9bc67b77b8d54c81d8ccbb7b35559f9bcdf630ac356ffca
- SHA512
  
  202b1141b2e5efb1325078729a8e03bf7304c2dcc5c00117e9d3a2538f4f38e270f0335e2b73fe086f71f68cd47c58187f5d7a9946ce1122de37c326915fdc4e
- SSDEEP
  
  6144:/OpslFlqWhdBCkWYxuukP1pjSKSNVkq/MVJbJ:/wsl/TBd47GLRMTbJ
Score

10^/10

cybergate remote persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

remotecybergate

behavioral1

cybergateremotepersistencestealertrojanupx

behavioral2

© 2018-2024

Terms | Privacy