cybergate | 42afeb514215e7b724b7fe405ada6e9b945e641a1f0e54fce10dd4103e1cdf08 | Triage

Submit
Reports

Overview

overview

Static

static

2ca2eb6878...18.exe

windows7-x64

2ca2eb6878...18.exe

windows10-2004-x64

Sharing

General

Target

2ca2eb68782bdd6c41203861e228d920_JaffaCakes118
Size

285KB
Sample

240708-rebscaveqe
MD5

2ca2eb68782bdd6c41203861e228d920
SHA1

bf321e0d147fade961f572aa9d6afa035ef5d69f
SHA256

42afeb514215e7b724b7fe405ada6e9b945e641a1f0e54fce10dd4103e1cdf08
SHA512

54daa4433d02c7e99a9833857511bbe4fd5e841ba34c6db00a66bce7b3d6e10922c1b1e3983b969802910e37f89269254d7c05455606267848a1fbfb1cb092a7
SSDEEP

6144:7k4qmUU+JHt3gG2NYs+U9zFLZmmwE42506BSQkkvnK1UC20LP3j678QbX:A9PlHtQ1NYs+KzFLZ2IgQFvn8UC20L/a

Score

10^/10

cybergate test persistence stealer trojan upx

Static task

static1

upx test cybergate

3 signatures

Behavioral task

behavioral1

Sample

2ca2eb68782bdd6c41203861e228d920_JaffaCakes118.exe

Resource

win7-20240708-en

cybergate test persistence stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ca2eb68782bdd6c41203861e228d920_JaffaCakes118.exe

Resource

win10v2004-20240704-en

cybergate test persistence stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.7 Beta 02

Botnet

Test

C2

vknerd.no-ip.biz:82

Mutex

AJHAD98D0A9SDAD6785ADS

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
123456
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  2ca2eb68782bdd6c41203861e228d920_JaffaCakes118
- Size
  
  285KB
- MD5
  
  2ca2eb68782bdd6c41203861e228d920
- SHA1
  
  bf321e0d147fade961f572aa9d6afa035ef5d69f
- SHA256
  
  42afeb514215e7b724b7fe405ada6e9b945e641a1f0e54fce10dd4103e1cdf08
- SHA512
  
  54daa4433d02c7e99a9833857511bbe4fd5e841ba34c6db00a66bce7b3d6e10922c1b1e3983b969802910e37f89269254d7c05455606267848a1fbfb1cb092a7
- SSDEEP
  
  6144:7k4qmUU+JHt3gG2NYs+U9zFLZmmwE42506BSQkkvnK1UC20LP3j678QbX:A9PlHtQ1NYs+KzFLZ2IgQFvn8UC20L/a
Score

10^/10

cybergate test persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Suspicious use of NtCreateProcessExOtherParentProcess
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxtestcybergate

behavioral1

cybergatetestpersistencestealertrojanupx

behavioral2

cybergatetestpersistencestealertrojanupx

© 2018-2024

Terms | Privacy