cybergate | 449ce72537ab0f8a3787bea3c014152ac56cea5faa13ffb4e86b7be2edeea8dc | Triage

Sharing

General

Target

e83398968d0816d873fc7655783e9563_JaffaCakes118
Size

281KB
Sample

241212-zjbbdaypbq
MD5

e83398968d0816d873fc7655783e9563
SHA1

f73909dcc3fe61117fcc8d0bc82c92b62ddc7072
SHA256

449ce72537ab0f8a3787bea3c014152ac56cea5faa13ffb4e86b7be2edeea8dc
SHA512

5d2fa4551f2a2ee114cce5d16fefb8efb6e71b3dbebdbf8eb83f14ebb4b15b65d21b83d16687379f0d7d2e086f8450065ffe9ce9a46dbe849fa9cda18cf6028f
SSDEEP

6144:KScrLF4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijk:bciy78QSVnNyhsFMCeSjk

Score

10^/10

cybergate andrax03-16-12 discovery stealer trojan

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Trial version

Botnet

Andrax03-16-12

C2

gp1990.no-ip.org:1990

Mutex

Q00W3PR166L34H

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
Winzip
install_file
Windll.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
gp161990
regkey_hkcu
Windll
regkey_hklm
Windll

Targets

- Target
  
  e83398968d0816d873fc7655783e9563_JaffaCakes118
- Size
  
  281KB
- MD5
  
  e83398968d0816d873fc7655783e9563
- SHA1
  
  f73909dcc3fe61117fcc8d0bc82c92b62ddc7072
- SHA256
  
  449ce72537ab0f8a3787bea3c014152ac56cea5faa13ffb4e86b7be2edeea8dc
- SHA512
  
  5d2fa4551f2a2ee114cce5d16fefb8efb6e71b3dbebdbf8eb83f14ebb4b15b65d21b83d16687379f0d7d2e086f8450065ffe9ce9a46dbe849fa9cda18cf6028f
- SSDEEP
  
  6144:KScrLF4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijk:bciy78QSVnNyhsFMCeSjk
Score

10^/10

cybergate andrax03-16-12 discovery stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

andrax03-16-12cybergate

behavioral1

cybergateandrax03-16-12discoverystealertrojan

behavioral2

cybergateandrax03-16-12discoverystealertrojan