cybergate | f8362987559c18f86c3140f587c9afe2fb672bf8e7c9cef72a40b023340ba1d6 | Triage

Submit
Reports

Overview

overview

Static

static

Pictures.rar

windows11-21h2-x64

Sharing

General

Target

Pictures.rar
Size

32.9MB
Sample

241217-tz8c6asqcw
MD5

ee72786ed638b0a1ff4aaeab2930b124
SHA1

9f4cc855008182d693fd95dfc1a01dfa86122e6b
SHA256

f8362987559c18f86c3140f587c9afe2fb672bf8e7c9cef72a40b023340ba1d6
SHA512

d69eb9647d110c91431392e2dfd8bdafab7fd41400ed60432335213657f3e526428ab4fd0db12c7a584959a37d9a17892c9a3b0042dc87a6a3e18f3f08a8a9e2
SSDEEP

786432:LuXBszdWeJLr859RPyUE9ykGTxJM3O/vKxhNR58SzCFKvLYYdhwe1x3H1A4jwU:ixQhAdO+xhyNR58SzpzYgxx3H24EU

Score

10^/10

cybergate darkcomet guest16_min remote discovery rat stealer trojan upx

Static task

static1

remote upx guest16_min cybergate darkcomet

5 signatures

Behavioral task

behavioral1

Sample

Pictures.rar

Resource

win11-20241007-en

cybergate darkcomet remote discovery rat stealer trojan upx

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

127.0.0.1:999

Mutex

CyberGate1

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-6NVM9VT

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
UK2Bgjd1gQ7p
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  Pictures.rar
- Size
  
  32.9MB
- MD5
  
  ee72786ed638b0a1ff4aaeab2930b124
- SHA1
  
  9f4cc855008182d693fd95dfc1a01dfa86122e6b
- SHA256
  
  f8362987559c18f86c3140f587c9afe2fb672bf8e7c9cef72a40b023340ba1d6
- SHA512
  
  d69eb9647d110c91431392e2dfd8bdafab7fd41400ed60432335213657f3e526428ab4fd0db12c7a584959a37d9a17892c9a3b0042dc87a6a3e18f3f08a8a9e2
- SSDEEP
  
  786432:LuXBszdWeJLr859RPyUE9ykGTxJM3O/vKxhNR58SzCFKvLYYdhwe1x3H1A4jwU:ixQhAdO+xhyNR58SzpzYgxx3H24EU
Score

10^/10

cybergate darkcomet remote discovery rat stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

remoteupxguest16_mincybergatedarkcomet

behavioral1

cybergatedarkcometremotediscoveryratstealertrojanupx

© 2018-2024

Terms | Privacy