cybergate | dd75fe5219ba2370e04e59fab99a9215bdb623bc628a7dbcb35224648d6c7575 | Triage

Submit
Reports

Overview

overview

Static

static

3

dd75fe5219...75.exe

windows7-x64

dd75fe5219...75.exe

windows10-2004-x64

Sharing

General

Target

dd75fe5219ba2370e04e59fab99a9215bdb623bc628a7dbcb35224648d6c7575.exe
Size

484KB
Sample

241202-x6a8saymez
MD5

d05e8e0d1e01452860250b85a58b4d18
SHA1

918a9b2b1ef0cf2abd988c1a056b854a0aa372dc
SHA256

dd75fe5219ba2370e04e59fab99a9215bdb623bc628a7dbcb35224648d6c7575
SHA512

2e2aa424a88ec292794931d129cfeea6e72d2d81ed8df307602ee3eab58a80080a5d4446b604980631b66f3317d0b20acdc124dd35f02104798c18551b36748b
SSDEEP

12288:fRoDLKIX3HgugB6k0C1hBBLaNVigTYVZv:O6IX3gugHBjgTYVZv

Score

10^/10

cybergate fvaleria discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dd75fe5219ba2370e04e59fab99a9215bdb623bc628a7dbcb35224648d6c7575.exe

Resource

win7-20241010-en

cybergate fvaleria discovery persistence stealer trojan upx

windows7-x64

18 signatures

120 seconds

Behavioral task

behavioral2

Sample

dd75fe5219ba2370e04e59fab99a9215bdb623bc628a7dbcb35224648d6c7575.exe

Resource

win10v2004-20241007-en

cybergate fvaleria discovery persistence stealer trojan upx

windows10-2004-x64

19 signatures

120 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

FVALERIA

C2

buceta.sytes.net:2000

galo.no-ip.biz:2000

celsodns.no-ip.org :2000

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
explorer.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234
regkey_hkcu
Windows live messenger
regkey_hklm
Windows live messenger

Targets

- Target
  
  dd75fe5219ba2370e04e59fab99a9215bdb623bc628a7dbcb35224648d6c7575.exe
- Size
  
  484KB
- MD5
  
  d05e8e0d1e01452860250b85a58b4d18
- SHA1
  
  918a9b2b1ef0cf2abd988c1a056b854a0aa372dc
- SHA256
  
  dd75fe5219ba2370e04e59fab99a9215bdb623bc628a7dbcb35224648d6c7575
- SHA512
  
  2e2aa424a88ec292794931d129cfeea6e72d2d81ed8df307602ee3eab58a80080a5d4446b604980631b66f3317d0b20acdc124dd35f02104798c18551b36748b
- SSDEEP
  
  12288:fRoDLKIX3HgugB6k0C1hBBLaNVigTYVZv:O6IX3gugHBjgTYVZv
Score

10^/10

cybergate fvaleria discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatefvaleriadiscoverypersistencestealertrojanupx

behavioral2

cybergatefvaleriadiscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy