cybergate | 46cc921ccfa72cd4ba72250d772f224c44d8df905fd7cd18dd3bded468d8e8e8

General

Target

dca2f3102d93ac34ff4e7c05ff230369_JaffaCakes118
Size

425KB
Sample

241210-c5cp1awlbq
MD5

dca2f3102d93ac34ff4e7c05ff230369
SHA1

92d757aa9aa48b35fe0e816f37e110521b251fac
SHA256

46cc921ccfa72cd4ba72250d772f224c44d8df905fd7cd18dd3bded468d8e8e8
SHA512

f418a0d55f2022d753ca7346405791ecb4e008e8819dc79a51127acd43f71e93815d590996d1d7d14cccc1c9289d3d3df8766663fd961ece8bacb3a6b6653c0c
SSDEEP

6144:x6BsG/zrxuWBmiiByRFluBW69c0GtUFLtzPDcsEkSmh8Stw+E8PrIrM+NW6o2SW5:IBsG/As6m8Pr4/xS2hdEbA6

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

2.5

Botnet

vítima

C2

127.0.0.1:81

cynic25.zapto.org:80

Mutex

***MUTEX***

Attributes

enable_keylogger
false
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Windl
install_file
win32.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Congrats trojan connects to remote pc
message_box_title
yay
password
abcd1234

Targets

- Target
  
  dca2f3102d93ac34ff4e7c05ff230369_JaffaCakes118
- Size
  
  425KB
- MD5
  
  dca2f3102d93ac34ff4e7c05ff230369
- SHA1
  
  92d757aa9aa48b35fe0e816f37e110521b251fac
- SHA256
  
  46cc921ccfa72cd4ba72250d772f224c44d8df905fd7cd18dd3bded468d8e8e8
- SHA512
  
  f418a0d55f2022d753ca7346405791ecb4e008e8819dc79a51127acd43f71e93815d590996d1d7d14cccc1c9289d3d3df8766663fd961ece8bacb3a6b6653c0c
- SSDEEP
  
  6144:x6BsG/zrxuWBmiiByRFluBW69c0GtUFLtzPDcsEkSmh8Stw+E8PrIrM+NW6o2SW5:IBsG/As6m8Pr4/xS2hdEbA6
Score

10^/10

cybergate vítima discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2