cybergate | 387b2f380f5f3b6949c22fdb06932b9f5e6d25b5afd4ecf21be7034fbaa9109d

General

Target

f1ffad491acb5315b62d5b83dc202658_JaffaCakes118
Size

404KB
Sample

241215-dl9fastqan
MD5

f1ffad491acb5315b62d5b83dc202658
SHA1

d4fe707e9d1b3cd8096423d9da14f616fdef98fe
SHA256

387b2f380f5f3b6949c22fdb06932b9f5e6d25b5afd4ecf21be7034fbaa9109d
SHA512

c93adf475a123c4715b21b709906c4c410569d747dbb0e9a6fa69550a78d2196dbea23390a80c5accc3f3f2503187593738b7f6e273f66fa392da3f501bd88bb
SSDEEP

12288:sa5dUeRrl7IJDTm54cJG7gFGjboco64LCTI2IO6X4S:TPRrlEU54cQ7C0bocgCEm6X

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

jorje200810.no-ip.biz:998

Mutex

0ONJWX1K75CP2V

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
wvllmsn.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456

Targets

- Target
  
  f1ffad491acb5315b62d5b83dc202658_JaffaCakes118
- Size
  
  404KB
- MD5
  
  f1ffad491acb5315b62d5b83dc202658
- SHA1
  
  d4fe707e9d1b3cd8096423d9da14f616fdef98fe
- SHA256
  
  387b2f380f5f3b6949c22fdb06932b9f5e6d25b5afd4ecf21be7034fbaa9109d
- SHA512
  
  c93adf475a123c4715b21b709906c4c410569d747dbb0e9a6fa69550a78d2196dbea23390a80c5accc3f3f2503187593738b7f6e273f66fa392da3f501bd88bb
- SSDEEP
  
  12288:sa5dUeRrl7IJDTm54cJG7gFGjboco64LCTI2IO6X4S:TPRrlEU54cQ7C0bocgCEm6X
Score

10^/10

cybergate remote discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Executes dropped EXE

Loads dropped DLL

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2