cybergate | ca0d47eb1e6e4aef145349e6a7106e67b67fb2664de5699945927500cb6a61a1 | Triage

Sharing

General

Target

fb187b6595396a75c5bba79b7529231a_JaffaCakes118
Size

328KB
Sample

240927-3frezaxepg
MD5

fb187b6595396a75c5bba79b7529231a
SHA1

8ac3a3e268e614c1f707d4732d3b0153b41bd390
SHA256

ca0d47eb1e6e4aef145349e6a7106e67b67fb2664de5699945927500cb6a61a1
SHA512

1d16c99c5a177efd4e7a874a6243d9f5de14bd7413af05577be34e1445e6de42ec74da781f34c0cb233a6a02fd08152737c45f9dcb4f7936cfe4090ca54ff6ce
SSDEEP

6144:bEWbPn9nyM1vpGFPx7sESTNT6lRxIjp3BZH6Vox6aCm6aRvoQJ7ce:bDbf9nj1oFPFONyRejJf6KHC+vae

Score

10^/10

cybergate cybergate15444 discovery stealer trojan

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Cybergate15444

C2

danaibrahim.zapto.org:15444

Mutex

77821E1H5QF30M

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
bader.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Windows can't open this application!
message_box_title
Error
password
14931
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  fb187b6595396a75c5bba79b7529231a_JaffaCakes118
- Size
  
  328KB
- MD5
  
  fb187b6595396a75c5bba79b7529231a
- SHA1
  
  8ac3a3e268e614c1f707d4732d3b0153b41bd390
- SHA256
  
  ca0d47eb1e6e4aef145349e6a7106e67b67fb2664de5699945927500cb6a61a1
- SHA512
  
  1d16c99c5a177efd4e7a874a6243d9f5de14bd7413af05577be34e1445e6de42ec74da781f34c0cb233a6a02fd08152737c45f9dcb4f7936cfe4090ca54ff6ce
- SSDEEP
  
  6144:bEWbPn9nyM1vpGFPx7sESTNT6lRxIjp3BZH6Vox6aCm6aRvoQJ7ce:bDbf9nj1oFPFONyRejJf6KHC+vae
Score

10^/10

cybergate cybergate15444 discovery stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatecybergate15444discoverystealertrojan

behavioral2