Extracted

• • Target

    3c13c790c0f112624f80ca101b041a054f5a0425fa880935c35feed059b03bd4N.exe

  • Size

    2.0MB

  • MD5

    c56c206734db4c75b1949300447138a0

  • SHA1

    d51f246a19ade2b4872051e81b66faaedd5dc911

  • SHA256

    3c13c790c0f112624f80ca101b041a054f5a0425fa880935c35feed059b03bd4

  • SHA512

    ca4ba53fd01cd624fbadba74552f6378980201fd7245904ad60505271804479322cd0a7c4c0d34b46aeeabb041e09ea171b1fd895cdc91544e98414e90c6ebf3

  • SSDEEP

    24576:1BvQck62t54ozaSAmi2ExdGAN7zVaRtmBJ+L3zMGmrPCP3Q9e:c54ozaSAmi2EfPaEaPmrPC/QY

  Score

  10^/10

  cybergateäñìóódiscoveryevasionpersistencestealerthemidatrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2