cybergate | 569e4bc687e484e25538182446eccc480a197edb160a3b0dc82531e57072a370

General

Target

JaffaCakes118_068ed4d61f6098e0501f641eb27ac37e
Size

572KB
Sample

250121-wy1ysswmey
MD5

068ed4d61f6098e0501f641eb27ac37e
SHA1

94d8f3891c4ea2fd2b8d568ee1669e67ba2e1d04
SHA256

569e4bc687e484e25538182446eccc480a197edb160a3b0dc82531e57072a370
SHA512

549a4db847786fa1e49d5f94a678738dbf4e8abf9f9c5e71b97b5744273b3da2c6e27064d381ca607926e930d34a4e5d9161f824b78495e9efdca2792b06eb75
SSDEEP

12288:p+6lWHpGaSt+zt/E9FRrMKNRegrwGOVn2IJDZEC64fc+Ry0uODVP:Y0NtMNE9FRrMkrwGQ2IRKj4fc+AxOD

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

127.0.0.1:288

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234

Targets

- Target
  
  JaffaCakes118_068ed4d61f6098e0501f641eb27ac37e
- Size
  
  572KB
- MD5
  
  068ed4d61f6098e0501f641eb27ac37e
- SHA1
  
  94d8f3891c4ea2fd2b8d568ee1669e67ba2e1d04
- SHA256
  
  569e4bc687e484e25538182446eccc480a197edb160a3b0dc82531e57072a370
- SHA512
  
  549a4db847786fa1e49d5f94a678738dbf4e8abf9f9c5e71b97b5744273b3da2c6e27064d381ca607926e930d34a4e5d9161f824b78495e9efdca2792b06eb75
- SSDEEP
  
  12288:p+6lWHpGaSt+zt/E9FRrMKNRegrwGOVn2IJDZEC64fc+Ry0uODVP:Y0NtMNE9FRrMkrwGQ2IRKj4fc+AxOD
Score

10^/10

cybergate vítima discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2