cybergate | 1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622 | Triage

Sharing

General

Target

1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622
Size

2.1MB
Sample

241204-yzh6gsyqcy
MD5

bee0398363217eaedbdee4b83e5909fd
SHA1

eeaf4acab9a4d247bb3513110dfffe370301763e
SHA256

1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622
SHA512

da608822c3c570f8fe62a10d0b76ed3c706271ff7f22c4ee7c844a5b5e9af48c736d8cf12a393ba3d390e6dd3ed70b26c43a1ab60061812661855fb6183ae22b
SSDEEP

49152:qtACGnO8DYVanUCV9RR2z9TRAiuLjFIWgUWPt5lVU0Eo:qtQnOaUC3q9ojMfP00Eo

Score

10^/10

cybergate vítima 4shared discovery evasion stealer trojan

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

vítima 4shared

C2

lucasgusmao.no-ip.org:2000

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
ftp_password
123654
ftp_port
21
ftp_server
ftp.server.com
ftp_username
ftp_user
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
true
message_box_caption
Falta de DLL ,Instale a DLL e Reinicie o PC... complemento comdl32.ocx
message_box_title
Error!!!
password
123654
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622
- Size
  
  2.1MB
- MD5
  
  bee0398363217eaedbdee4b83e5909fd
- SHA1
  
  eeaf4acab9a4d247bb3513110dfffe370301763e
- SHA256
  
  1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622
- SHA512
  
  da608822c3c570f8fe62a10d0b76ed3c706271ff7f22c4ee7c844a5b5e9af48c736d8cf12a393ba3d390e6dd3ed70b26c43a1ab60061812661855fb6183ae22b
- SSDEEP
  
  49152:qtACGnO8DYVanUCV9RR2z9TRAiuLjFIWgUWPt5lVU0Eo:qtQnOaUC3q9ojMfP00Eo
Score

10^/10

cybergate vítima 4shared discovery evasion stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatevítima 4shareddiscoveryevasionstealertrojan

behavioral2

cybergatevítima 4shareddiscoveryevasionstealertrojan