cybergate | 624ed85ea7d3c1a717fc1e1a2bafa30374078ff4a12c2e35da74f47e3d429475

General

Target

e9e977b3e950b20fde11a1557df5fdc2_JaffaCakes118
Size

440KB
Sample

241213-e7lrssyldv
MD5

e9e977b3e950b20fde11a1557df5fdc2
SHA1

bf8759c6eb1dc793e2363de1b197a224bbf4a320
SHA256

624ed85ea7d3c1a717fc1e1a2bafa30374078ff4a12c2e35da74f47e3d429475
SHA512

a75713e760dda6bd0baae0756cc17ad89af39e8cb97d5013d1fead7468e0d489967b0d153c34fa294fec76529de5b25d18638cea9b8331005464bf4325d41d53
SSDEEP

6144:aqy7DBsNZvAkhzcsLpVH0uWos1ehXCfg1QDsJY9VfLhbBSDN/VuYzHSXkijyb:aRqXhgsLptc18CfgtYXLhbBCXJim

Score

10^/10

cybergate îþ aspackv2 discovery stealer trojan

Malware Config

Extracted

Family

cybergate

Version

2.7 ÖÐÎÄ°æ

Botnet

ÎÞ

C2

cat65.gicp.net:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Setup64
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
ÏûÏ¢ÄÚÈÝ
message_box_title
ÏûÏ¢±êÌâ
password
2010pc

Targets

- Target
  
  e9e977b3e950b20fde11a1557df5fdc2_JaffaCakes118
- Size
  
  440KB
- MD5
  
  e9e977b3e950b20fde11a1557df5fdc2
- SHA1
  
  bf8759c6eb1dc793e2363de1b197a224bbf4a320
- SHA256
  
  624ed85ea7d3c1a717fc1e1a2bafa30374078ff4a12c2e35da74f47e3d429475
- SHA512
  
  a75713e760dda6bd0baae0756cc17ad89af39e8cb97d5013d1fead7468e0d489967b0d153c34fa294fec76529de5b25d18638cea9b8331005464bf4325d41d53
- SSDEEP
  
  6144:aqy7DBsNZvAkhzcsLpVH0uWos1ehXCfg1QDsJY9VfLhbBSDN/VuYzHSXkijyb:aRqXhgsLptc18CfgtYXLhbBCXJim
Score

10^/10

cybergate îþ aspackv2 discovery stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2