cybergate | 2a27b69a8e2756b855d42c65a556e641407e48a363f612bd9dcf8f049bcad94c

General

Target

JaffaCakes118_6d1bc3e20a8a3fe2bbb0113e2be23f93
Size

468KB
Sample

250116-gpmx9awqdq
MD5

6d1bc3e20a8a3fe2bbb0113e2be23f93
SHA1

38d6bee1db08a6ed22efafa166783bd79f95c3e5
SHA256

2a27b69a8e2756b855d42c65a556e641407e48a363f612bd9dcf8f049bcad94c
SHA512

ea12274ad563d1ad25b6f4bcc5f4b38a6c762b824cc26ce83e74bbd3e6e09ff76828817b6c97d886b20a7498eb53625e3a904f8fc59f93fd2f0a75d24e74aa1a
SSDEEP

12288:OXaR+pvRDAvW8VsAN55cKIo+mat40of+cSbggLzI:xR+peh35qK054INjLzI

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

cyber

C2

57uytgh4.no-ip.info:1349

Mutex

6LB10NV852QNQ0

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
WinDir
install_file
ZinWipToolBar.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
!!vocared9

Targets

- Target
  
  JaffaCakes118_6d1bc3e20a8a3fe2bbb0113e2be23f93
- Size
  
  468KB
- MD5
  
  6d1bc3e20a8a3fe2bbb0113e2be23f93
- SHA1
  
  38d6bee1db08a6ed22efafa166783bd79f95c3e5
- SHA256
  
  2a27b69a8e2756b855d42c65a556e641407e48a363f612bd9dcf8f049bcad94c
- SHA512
  
  ea12274ad563d1ad25b6f4bcc5f4b38a6c762b824cc26ce83e74bbd3e6e09ff76828817b6c97d886b20a7498eb53625e3a904f8fc59f93fd2f0a75d24e74aa1a
- SSDEEP
  
  12288:OXaR+pvRDAvW8VsAN55cKIo+mat40of+cSbggLzI:xR+peh35qK054INjLzI
Score

10^/10

cybergate cyber discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2