cybergate | e7768eeaebb30357c6eb2455cfcf9dc9fdfc54c3fb2c3108e349cc741f5d35b2

General

Target

d58040e048d62df8d1757359c81c41ad_JaffaCakes118
Size

276KB
Sample

241208-gb33bazmbk
MD5

d58040e048d62df8d1757359c81c41ad
SHA1

cd6fea69dc98c758bb3ca317d3a2d1fcdc355cd2
SHA256

e7768eeaebb30357c6eb2455cfcf9dc9fdfc54c3fb2c3108e349cc741f5d35b2
SHA512

7f5439b63573ff19bf5d8cde5a5a55b410aebb3663adfc628328d80009631f69e6884aadda56754c907e1c0f4174d1628a081e6530efaa7392df0cfaeb59dd2b
SSDEEP

6144:Lk4qmSCqUp+TN8xyNPY/vOlxobqrIeYNFmzGXcie78:w9P0+TnNFlxZIhiie

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

window

C2

notimetest.no-ip.biz:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234

Targets

- Target
  
  d58040e048d62df8d1757359c81c41ad_JaffaCakes118
- Size
  
  276KB
- MD5
  
  d58040e048d62df8d1757359c81c41ad
- SHA1
  
  cd6fea69dc98c758bb3ca317d3a2d1fcdc355cd2
- SHA256
  
  e7768eeaebb30357c6eb2455cfcf9dc9fdfc54c3fb2c3108e349cc741f5d35b2
- SHA512
  
  7f5439b63573ff19bf5d8cde5a5a55b410aebb3663adfc628328d80009631f69e6884aadda56754c907e1c0f4174d1628a081e6530efaa7392df0cfaeb59dd2b
- SSDEEP
  
  6144:Lk4qmSCqUp+TN8xyNPY/vOlxobqrIeYNFmzGXcie78:w9P0+TnNFlxZIhiie
Score

10^/10

cybergate window discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Checks computer location settings

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2