cybergate | 64e81e29eced9bab30255aa7ecf8d7af2ba4114a1c0b526999f09e88df85d4cd

General

Target

JaffaCakes118_68d66245d35fe901c3b1b8dffec8c797
Size

1.1MB
Sample

250116-deacmazjhn
MD5

68d66245d35fe901c3b1b8dffec8c797
SHA1

cca0ac53831ae0a73e9d63920bab02e8ccd3fc5c
SHA256

64e81e29eced9bab30255aa7ecf8d7af2ba4114a1c0b526999f09e88df85d4cd
SHA512

76bcba12a410f1083170413cfb73c8e19d165b6cbc4839a27c72a9176eae3ce49d5fa7739602a2aff3dd51905a4465dacc6a8cdfd7ecc2062329c99c738e5c8c
SSDEEP

12288:35xmDMg291iAzhq3ar2/Ops9dmb/KlW8eZfPajMEsyIM9FiTe68jJMGar5j4vC93:PRd9gEgxSe1gsOKufpTsW

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

cyber

C2

hackerstrike.no-ip.biz:82

hornybitch.no-ip.biz:82

Mutex

7Q4U2A817XM11L

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Install
install_file
iexplorer.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Update completed
message_box_title
Windows
password
123456
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_68d66245d35fe901c3b1b8dffec8c797
- Size
  
  1.1MB
- MD5
  
  68d66245d35fe901c3b1b8dffec8c797
- SHA1
  
  cca0ac53831ae0a73e9d63920bab02e8ccd3fc5c
- SHA256
  
  64e81e29eced9bab30255aa7ecf8d7af2ba4114a1c0b526999f09e88df85d4cd
- SHA512
  
  76bcba12a410f1083170413cfb73c8e19d165b6cbc4839a27c72a9176eae3ce49d5fa7739602a2aff3dd51905a4465dacc6a8cdfd7ecc2062329c99c738e5c8c
- SSDEEP
  
  12288:35xmDMg291iAzhq3ar2/Ops9dmb/KlW8eZfPajMEsyIM9FiTe68jJMGar5j4vC93:PRd9gEgxSe1gsOKufpTsW
Score

10^/10

cybergate cyber discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2