Resubmissions

07-07-2024 10:40

240707-mqp2wszdkn 10

General

  • Target

    c39e675a899312f1e812d98038bb75b0c5159006e8df7a715f93f8b3ac23b625.zip

  • Size

    254KB

  • Sample

    240707-mqp2wszdkn

  • MD5

    47c88343eb003215a23d43e229952826

  • SHA1

    760303f08a396b4b3e2f00b55009fc0a6b502d9f

  • SHA256

    61aab4059bcefe536ba158911c88e8b2948faf3252008098a8696eb6668315ea

  • SHA512

    9042b1622de0f58775e29da04f3213af51860254464dddd840528c2a15ef36639cb1fa99f9e124176f22332a0a1ce7ceb947aca3b77295f5445037e252e490e6

  • SSDEEP

    6144:CnGFSzyxTOe/tGWho/g5wnlbQ+LRhNjAb9Z/jv4tg6zDh:CnGFMykKho4ilb7RYVjgigDh

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

victima
(Spanish: "victim")

C2

192.168.0.14:34403
(RFC 1918 private address, unreachable from the internet; most likely the builder's LAN test entry rather than the live C2)

elpepemanca.ddns.net:34403

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    system

  • install_file

    system.exe

  • install_flag

    false

  • keylogger_enable_ftp

    false

  • message_box_caption

    el proceso se ha realizado correctamente
    (Spanish: "the process completed successfully")

  • message_box_title

    exito
    (Spanish: "success")

  • password

    1234

Targets

    • Target

      c39e675a899312f1e812d98038bb75b0c5159006e8df7a715f93f8b3ac23b625

    • Size

      283KB

    • MD5

      55911a010779edfe90c9fd8e8d365f81

    • SHA1

      2f2885ffb940eea4b76048b1a5bdadc1fa35bdbf

    • SHA256

      c39e675a899312f1e812d98038bb75b0c5159006e8df7a715f93f8b3ac23b625

    • SHA512

      f6015c9ba126c43baef72ed888efbdaf00f3f0d7d6e52d4378c71659a8e85fca01589c190786357d83743ece34eb34d1741fd37f0cf9a84be3f5c11f44451898

    • SSDEEP

      6144:7mcD66RRjf5JGmrpQsK3RD2u270jupCJsCxCK:icD663eZ2zkPaCx3

    • CyberGate, Rebhip

      CyberGate is a Delphi-based remote access trojan (RAT) distributed as a builder; Rebhip is the name some antivirus vendors use for the same family. Typical capabilities include keylogging, file transfer, a remote shell and screen/webcam capture. The extracted config above confirms the keylogger is enabled and that the payload injects into explorer.exe.

    • Checks computer location settings

      Reads the country/locale code configured in the registry. This is commonly used as a geofence: the sample can refuse to run, or change behaviour, in certain countries, so a sandbox whose locale does not match the intended victims may see reduced activity.

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer. The hashes listed for this target are of the packed file as submitted; the unpacked image will hash differently.

    • Legitimate hosting services abused for malware hosting/C2

      The C2 hostname elpepemanca.ddns.net is under ddns.net, a free dynamic-DNS zone, so the resolved address can change at any time. Block or alert on the hostname and resolve it at detection time rather than hard-coding an IP.
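Because the hashes above describe the packed file, an analyst usually wants to confirm the packer and decide whether a plain UPX unpack will work or whether the build was modified. This added example (not from the report and not UPX's own code) parses the PE section table in pure Python and keeps the markers stock UPX leaves (UPX0/UPX1 section names, the "UPX!" magic) separate from the structural signals that survive section renaming: an empty first section with a large VirtualSize, the entry point in the second section, and a high-entropy second section holding the compressed image. The three PE images it builds are constructed demo data, not the sample.

```python
"""Heuristic UPX check over a PE section table.

Added example, not from the report or from UPX. Parses just enough of the PE
header to get the entry point and section table, then checks the signals
stock UPX leaves (UPX0/UPX1 names, "UPX!" magic) separately from the
structural ones a renamed/modified build keeps. All PE images here are
constructed demo data.
"""
import math
import random
import struct
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [Section]); raise ValueError if not a PE."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (nsect,) = struct.unpack_from("<H", pe, coff + 2)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16) # SizeOfOptionalHeader
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    (entry,) = struct.unpack_from("<I", pe, opt + 16)     # same offset in PE32 and PE32+
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, roff = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, vaddr, rsize, roff))
    return entry, sections


def upx_signals(pe: bytes) -> dict:
    entry, secs = parse_sections(pe)
    sig = {"upx_names": any(s.name.startswith("UPX") for s in secs),
           "upx_magic": b"UPX!" in pe,
           "empty_first_section": False, "entry_in_second_section": False,
           "high_entropy_payload": False}
    if len(secs) >= 2:
        s0, s1 = secs[0], secs[1]
        # UPX0 is the decompression target: no raw bytes, large virtual size.
        sig["empty_first_section"] = s0.raw_size == 0 and s0.virtual_size > 0
        span = max(s1.virtual_size, s1.raw_size)
        sig["entry_in_second_section"] = s1.virtual_address <= entry < s1.virtual_address + span
        sig["high_entropy_payload"] = entropy(pe[s1.raw_offset:s1.raw_offset + s1.raw_size]) > 7.0
    return sig


def looks_upx_packed(pe: bytes) -> bool:
    """Stock markers, or the full structural pattern when markers were scrubbed."""
    s = upx_signals(pe)
    structural = s["empty_first_section"] and s["entry_in_second_section"] and s["high_entropy_payload"]
    return s["upx_names"] or s["upx_magic"] or structural


def build_demo_pe(names, payload: bytes, first_raw_size: int) -> bytes:
    """Construct a minimal 3-section PE32 image (demo data, not a real binary)."""
    e_lfanew, opt_len, entry = 0x40, 224, 0x2010
    raw_off = (e_lfanew + 4 + 20 + opt_len + 40 * 3 + 0x1FF) & ~0x1FF   # 512-byte file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_len, 0x102)
    opt = (struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry)).ljust(opt_len, b"\0")
    first = b"\x90" * first_raw_size
    rsrc = b"\0" * 0x200
    layout = [(names[0], 0x1000, 0x1000, len(first), raw_off),
              (names[1], len(payload), 0x2000, len(payload), raw_off + len(first)),
              (names[2], len(rsrc), 0x3000, len(rsrc), raw_off + len(first) + len(payload))]
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, va, rs, ro, 0, 0, 0, 0, 0x60000020)
                    for n, vs, va, rs, ro in layout)
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(raw_off, b"\0") + first + payload + rsrc


_rng = random.Random(7)
HIGH_ENTROPY = bytes(_rng.getrandbits(8) for _ in range(4096))  # stand-in for compressed code
LOW_ENTROPY = bytes(range(16)) * 256                            # repetitive, like plain data
PACKED_STOCK = build_demo_pe(("UPX0", "UPX1", ".rsrc"), b"UPX!" + HIGH_ENTROPY, 0)
PACKED_RENAMED = build_demo_pe(("code0", "code1", ".rsrc"), HIGH_ENTROPY, 0)  # modified UPX
UNPACKED = build_demo_pe((".text", ".data", ".rsrc"), LOW_ENTROPY, 0x200)

if __name__ == "__main__":
    for label, img in (("stock UPX", PACKED_STOCK), ("renamed UPX", PACKED_RENAMED), ("unpacked", UNPACKED)):
        print(f"{label:12} packed={looks_upx_packed(img)} {upx_signals(img)}")
```

The split matters in practice: when only the name or magic signal fires, a stock unpack is likely to succeed; when only the structural trio fires, expect a modified stub and plan to dump the process from memory after the decompression routine has run.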
