Extracted

• • Target

    1d32d511e6526cba78c94cea9ce2c6d4553e210402576a10cf72d6b258c45087.exe

  • Size

    2.0MB

  • MD5

    4f82a9f08818558b249c013ac53d7f81

  • SHA1

    3e744bae2624a1bf9aebd49fb496f1b18c6b2a25

  • SHA256

    1d32d511e6526cba78c94cea9ce2c6d4553e210402576a10cf72d6b258c45087

  • SHA512

    c66f848b1a4894ca7bead60d03c5ef05470a7acfffc6d14a22089ec90710bdd21e8eb42a91bf3c0329d62cbd7d2690c098aa4a3c575713288398646fc045055a

  • SSDEEP

    24576:1BvQck62t54ozaSAmi2ExdGAN7zVaRtmBJ+L3zMGmrPCP3Q9eF:c54ozaSAmi2EfPaEaPmrPC/QYF

  Score

  10^/10

  cybergateäñìóódiscoveryevasionpersistencestealerthemidatrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2