cybergate | aaced53e21368394db375efbdf48da34661790f221fb453c4f71b1eaeed20456

General

Target

JaffaCakes118_91d568d2c9fafb7110cac42613aeeaec
Size

586KB
Sample

250117-vd2txsxjdt
MD5

91d568d2c9fafb7110cac42613aeeaec
SHA1

0ed7b42284c0f0faaa84b27dab3f5671a537703d
SHA256

aaced53e21368394db375efbdf48da34661790f221fb453c4f71b1eaeed20456
SHA512

ab1ebc23ca8c9fd199ee1339dfe9f029d59a14accd96b1f28723f193e873efa51aee55a4d745bdf0c44dd19a2553d806a5604ce1d65493d6adb3146a7c30d223
SSDEEP

12288:DqGDgJTaFbI672ewQU6gHbQT760WA0WLiQNA1Iu4CRVtEcNi:DfuTCIu2lWg7Qv6hA0B9+DCBbE

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

127.0.0.1:288

Mutex

***MUTEX***

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
svchost.exe
install_file
windows.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
t?tulo da mensagem
password
abcd1234

Targets

- Target
  
  JaffaCakes118_91d568d2c9fafb7110cac42613aeeaec
- Size
  
  586KB
- MD5
  
  91d568d2c9fafb7110cac42613aeeaec
- SHA1
  
  0ed7b42284c0f0faaa84b27dab3f5671a537703d
- SHA256
  
  aaced53e21368394db375efbdf48da34661790f221fb453c4f71b1eaeed20456
- SHA512
  
  ab1ebc23ca8c9fd199ee1339dfe9f029d59a14accd96b1f28723f193e873efa51aee55a4d745bdf0c44dd19a2553d806a5604ce1d65493d6adb3146a7c30d223
- SSDEEP
  
  12288:DqGDgJTaFbI672ewQU6gHbQT760WA0WLiQNA1Iu4CRVtEcNi:DfuTCIu2lWg7Qv6hA0B9+DCBbE
Score

10^/10

cybergate öííé discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Checks computer location settings

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2