cybergate | 3026b6c4ab157d7854fdc282eaecd047f6a64ea18134a8bbdb2b272bb6befc0b | Triage

Submit
Reports

Overview

overview

Static

static

3026b6c4ab...0b.exe

windows7-x64

3026b6c4ab...0b.exe

windows10-2004-x64

Sharing

General

Target

3026b6c4ab157d7854fdc282eaecd047f6a64ea18134a8bbdb2b272bb6befc0b
Size

291KB
Sample

241004-yzg87atfnk
MD5

0eabfa1a9786edbd65b69a482fcac4d5
SHA1

3c1fb9db1b78c00978b08f5cb99f39fc27cc7b92
SHA256

3026b6c4ab157d7854fdc282eaecd047f6a64ea18134a8bbdb2b272bb6befc0b
SHA512

399d9956481658b611086739b7afa72ca97f6c4ec338410ce5244d1eac142607a35665f773784bafa32626cfd9aeda25eb5e9c9b6581cb93f8a3710681259c5c
SSDEEP

6144:ImcD66RRjecQEIXKgQjr0ksTdEBToREujB5wZl5DLfVq4mExyB:BcD663DeKgQ/iID5LfV13yB

Score

10^/10

cybergate bolboltor discovery persistence stealer trojan upx

Static task

static1

bolboltor cybergate

2 signatures

Behavioral task

behavioral1

Sample

3026b6c4ab157d7854fdc282eaecd047f6a64ea18134a8bbdb2b272bb6befc0b.exe

Resource

win7-20240903-en

cybergate bolboltor discovery persistence stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

3026b6c4ab157d7854fdc282eaecd047f6a64ea18134a8bbdb2b272bb6befc0b.exe

Resource

win10v2004-20240802-en

cybergate bolboltor discovery persistence stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.7 Beta 02

Botnet

bolboltor

C2

bolbol.no-ip.biz:81

Mutex

***MUTEX***

Attributes

enable_keylogger
false
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
chrome.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
123456789
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  3026b6c4ab157d7854fdc282eaecd047f6a64ea18134a8bbdb2b272bb6befc0b
- Size
  
  291KB
- MD5
  
  0eabfa1a9786edbd65b69a482fcac4d5
- SHA1
  
  3c1fb9db1b78c00978b08f5cb99f39fc27cc7b92
- SHA256
  
  3026b6c4ab157d7854fdc282eaecd047f6a64ea18134a8bbdb2b272bb6befc0b
- SHA512
  
  399d9956481658b611086739b7afa72ca97f6c4ec338410ce5244d1eac142607a35665f773784bafa32626cfd9aeda25eb5e9c9b6581cb93f8a3710681259c5c
- SSDEEP
  
  6144:ImcD66RRjecQEIXKgQjr0ksTdEBToREujB5wZl5DLfVq4mExyB:BcD663DeKgQ/iID5LfV13yB
Score

10^/10

cybergate bolboltor discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

bolboltorcybergate

behavioral1

cybergatebolboltordiscoverypersistencestealertrojanupx

behavioral2

cybergatebolboltordiscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy