cybergate | 18692d68d70fc812b3a138c329092665e0c23f1279d57f7f24ca06e4ee823d9f | Triage

Submit
Reports

Overview

overview

Static

static

3

18692d68d7...fN.exe

windows7-x64

18692d68d7...fN.exe

windows10-2004-x64

Sharing

General

Target

18692d68d70fc812b3a138c329092665e0c23f1279d57f7f24ca06e4ee823d9fN.exe
Size

376KB
Sample

241205-hxfpkstnbw
MD5

ddbd83e050ec3678d3ad00e1b130ce50
SHA1

c77a7f5e2d414b19df2690d0c93d6c6af673b5d7
SHA256

18692d68d70fc812b3a138c329092665e0c23f1279d57f7f24ca06e4ee823d9f
SHA512

ab4e56cfc701414df5668bd23274025bc7d7edd2a0276602e6135abc077a7cdafeb4d1830b1417d0fb4d6360dff3c48e71102849f832d8d71fc13e8d07456cc8
SSDEEP

6144:O54tkd+XBaN+muEfrDFGO2AjHQGp/MBdCLE7eZfz1ugWb22r6dszYcvspHz1Fa0O:O54tkoRa4m7f3FGOfjwGpkwFIgWbLe6l

Score

10^/10

cybergate geninho discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

18692d68d70fc812b3a138c329092665e0c23f1279d57f7f24ca06e4ee823d9fN.exe

Resource

win7-20240729-en

cybergate geninho discovery persistence stealer trojan upx

windows7-x64

17 signatures

120 seconds

Behavioral task

behavioral2

Sample

18692d68d70fc812b3a138c329092665e0c23f1279d57f7f24ca06e4ee823d9fN.exe

Resource

win10v2004-20241007-en

cybergate geninho discovery persistence stealer trojan upx

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

GENINHO

C2

unidasdns.no-ip.org:1000

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Intel
install_file
iusb3.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Plugin Host Controller
message_box_title
Host Controller !
password
abcd1234
regkey_hkcu
Host Controller
regkey_hklm
Intel

Targets

- Target
  
  18692d68d70fc812b3a138c329092665e0c23f1279d57f7f24ca06e4ee823d9fN.exe
- Size
  
  376KB
- MD5
  
  ddbd83e050ec3678d3ad00e1b130ce50
- SHA1
  
  c77a7f5e2d414b19df2690d0c93d6c6af673b5d7
- SHA256
  
  18692d68d70fc812b3a138c329092665e0c23f1279d57f7f24ca06e4ee823d9f
- SHA512
  
  ab4e56cfc701414df5668bd23274025bc7d7edd2a0276602e6135abc077a7cdafeb4d1830b1417d0fb4d6360dff3c48e71102849f832d8d71fc13e8d07456cc8
- SSDEEP
  
  6144:O54tkd+XBaN+muEfrDFGO2AjHQGp/MBdCLE7eZfz1ugWb22r6dszYcvspHz1Fa0O:O54tkoRa4m7f3FGOfjwGpkwFIgWbLe6l
Score

10^/10

cybergate geninho discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergategeninhodiscoverypersistencestealertrojanupx

behavioral2

cybergategeninhodiscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy