cybergate | 6b8aabb239a42337ae14a04688523e6554d5e50783723869ca1eba8b725b751f

General

Target

JaffaCakes118_62d3049e74ac6d37a5fe549176cee470
Size

555KB
Sample

250115-1p66nswlh1
MD5

62d3049e74ac6d37a5fe549176cee470
SHA1

fd1e5dd6898f9a459716214d69d6bc757ee39ee1
SHA256

6b8aabb239a42337ae14a04688523e6554d5e50783723869ca1eba8b725b751f
SHA512

1e0d3de35390fdf486abadf5ce0b24866304bf291857d819be26c78dea10b796436a438bceeb3ca2b83ccfe6d8d5af7ac94817157b3b0b2d4bb46359ea40317d
SSDEEP

6144:0he0IqpUaeOgHWAOHAzKabMxhdBCkWYxuukP1pjSKSNVkq/MVJb:0h9GaU2A5KrxTBd47GLRMTb

Score

10^/10

cybergate vm discovery stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

vm

C2

m756.3322.org:81

mabang.selfip.com:82

Mutex

K8ES16Y131J5NG

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_file
svchast.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
00

Targets

- Target
  
  JaffaCakes118_62d3049e74ac6d37a5fe549176cee470
- Size
  
  555KB
- MD5
  
  62d3049e74ac6d37a5fe549176cee470
- SHA1
  
  fd1e5dd6898f9a459716214d69d6bc757ee39ee1
- SHA256
  
  6b8aabb239a42337ae14a04688523e6554d5e50783723869ca1eba8b725b751f
- SHA512
  
  1e0d3de35390fdf486abadf5ce0b24866304bf291857d819be26c78dea10b796436a438bceeb3ca2b83ccfe6d8d5af7ac94817157b3b0b2d4bb46359ea40317d
- SSDEEP
  
  6144:0he0IqpUaeOgHWAOHAzKabMxhdBCkWYxuukP1pjSKSNVkq/MVJb:0h9GaU2A5KrxTBd47GLRMTb
Score

10^/10

cybergate vm discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Checks computer location settings

Executes dropped EXE

Suspicious use of NtSetInformationThreadHideFromDebugger

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2