cybergate | 9b40f1da1d163db2532f58a4601cf3d5d2b5f3f2faabb3be66b5b6d0ebd180f3 | Triage

Sharing

General

Target

JaffaCakes118_7b653cac78805d23d12e93d6a3f7c6a0
Size

331KB
Sample

250104-x87prstmaw
MD5

7b653cac78805d23d12e93d6a3f7c6a0
SHA1

8c58eda905bb0b5056ec574558cdafeab51fccb0
SHA256

9b40f1da1d163db2532f58a4601cf3d5d2b5f3f2faabb3be66b5b6d0ebd180f3
SHA512

e3a02bcb86a127396d0ff7d8bf7ddc2ec591e87957b3d3797181b75b64c749e00ec8d5609ccd9193f6a4ff0dab447c2b5736f409983f335b526548e04aed6654
SSDEEP

6144:kPIgfIXgfpbmgwVsIWhYag5aQWe5/q5UFBR01g7bTHDeVV:YHfNfdc2Ixags9e5/EeBG1g7nHDeV

Score

10^/10

cybergate çáåßñ çáìäæèí discovery stealer trojan

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÇáåßÑ ÇáÌäæÈí

C2

wolfff12.no-ip.biz:288

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
svchost.exe
install_file
windows.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_7b653cac78805d23d12e93d6a3f7c6a0
- Size
  
  331KB
- MD5
  
  7b653cac78805d23d12e93d6a3f7c6a0
- SHA1
  
  8c58eda905bb0b5056ec574558cdafeab51fccb0
- SHA256
  
  9b40f1da1d163db2532f58a4601cf3d5d2b5f3f2faabb3be66b5b6d0ebd180f3
- SHA512
  
  e3a02bcb86a127396d0ff7d8bf7ddc2ec591e87957b3d3797181b75b64c749e00ec8d5609ccd9193f6a4ff0dab447c2b5736f409983f335b526548e04aed6654
- SSDEEP
  
  6144:kPIgfIXgfpbmgwVsIWhYag5aQWe5/q5UFBR01g7bTHDeVV:YHfNfdc2Ixags9e5/EeBG1g7nHDeV
Score

10^/10

cybergate çáåßñ çáìäæèí discovery stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergateçáåßñ çáìäæèídiscoverystealertrojan

behavioral2