cybergate | 0beeeca997db7928fce2777d87c6ca4ff2d4af5b036a7619f15bb391028921b9

General

Target

ad154249f9c7c429da60e4ffde384388_JaffaCakes118
Size

765KB
Sample

241128-v4t7rsvjcz
MD5

ad154249f9c7c429da60e4ffde384388
SHA1

5f45178e7123ac838b0cc2a53b7b59adbf90ac35
SHA256

0beeeca997db7928fce2777d87c6ca4ff2d4af5b036a7619f15bb391028921b9
SHA512

06efdc532a0d8395c63b4460f991ff9241bc06329487212dd83ec51e0400fe7f3f4efb3d0d0a9169aa6a755a8928da25ee2507d6a73cc7ab509632fa4f0b8630
SSDEEP

12288:CeX2USOEegLh83vGEuoN+DrdRztGidHHpQDsdfEZhVcLaoP+2rfBJMD5n5FbL3N6:OdqenBDPpc15d1

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

victima

C2

albertiktn.no-ip.org:81

Mutex

***egbuiertbi***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
WinDir
install_file
svchost.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234

Targets

- Target
  
  ad154249f9c7c429da60e4ffde384388_JaffaCakes118
- Size
  
  765KB
- MD5
  
  ad154249f9c7c429da60e4ffde384388
- SHA1
  
  5f45178e7123ac838b0cc2a53b7b59adbf90ac35
- SHA256
  
  0beeeca997db7928fce2777d87c6ca4ff2d4af5b036a7619f15bb391028921b9
- SHA512
  
  06efdc532a0d8395c63b4460f991ff9241bc06329487212dd83ec51e0400fe7f3f4efb3d0d0a9169aa6a755a8928da25ee2507d6a73cc7ab509632fa4f0b8630
- SSDEEP
  
  12288:CeX2USOEegLh83vGEuoN+DrdRztGidHHpQDsdfEZhVcLaoP+2rfBJMD5n5FbL3N6:OdqenBDPpc15d1
Score

10^/10

cybergate victima discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2