cybergate | 835f5d029588a068436b2814729f150b8e9b5e04ada725547d4e2b3e9e1a0157 | Triage

Sharing

General

Target

JaffaCakes118_036787795a1142aba7f6c6420328764b
Size

1.4MB
Sample

250121-krew7svpbs
MD5

036787795a1142aba7f6c6420328764b
SHA1

b821ce6fcb1905937c70329e6934961e9c70a65f
SHA256

835f5d029588a068436b2814729f150b8e9b5e04ada725547d4e2b3e9e1a0157
SHA512

f374d8391da9a701d3c71e687ec09b9bb4db9954c34c7129a42f16ff85c658202e1b1d413878e4a17be78cc8eb63be1a2ede90342857c42bcb8d999a71a0c7ab
SSDEEP

12288:iDwBnFvQaqNbs/X/gfc2wIw14lj5/ojIt0fuEUecf3+w1PFTY5m7aC5G3u3x:Jssng2140ItQuEdY3+7gD3x

Score

10^/10

cybergate a7traf discovery stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

A7tRaf

C2

mhmd33.no-ip.biz:999

Mutex

0V071X0AVO0G5G

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
svchost.exe
install_dir
system
install_file
Update.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456
regkey_hkcu
svchost
regkey_hklm
svchost

Targets

- Target
  
  JaffaCakes118_036787795a1142aba7f6c6420328764b
- Size
  
  1.4MB
- MD5
  
  036787795a1142aba7f6c6420328764b
- SHA1
  
  b821ce6fcb1905937c70329e6934961e9c70a65f
- SHA256
  
  835f5d029588a068436b2814729f150b8e9b5e04ada725547d4e2b3e9e1a0157
- SHA512
  
  f374d8391da9a701d3c71e687ec09b9bb4db9954c34c7129a42f16ff85c658202e1b1d413878e4a17be78cc8eb63be1a2ede90342857c42bcb8d999a71a0c7ab
- SSDEEP
  
  12288:iDwBnFvQaqNbs/X/gfc2wIw14lj5/ojIt0fuEUecf3+w1PFTY5m7aC5G3u3x:Jssng2140ItQuEdY3+7gD3x
Score

10^/10

cybergate a7traf discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatea7trafdiscoverystealertrojanupx

behavioral2

cybergatea7trafdiscoverystealertrojanupx