cybergate | 38f82b6ce1dea5169ddfffba456d12a7858301e700dad4b792c4757e488a01cf | Triage

Sharing

General

Target

JaffaCakes118_18f99a12f22126a4ccd0cdc73b4b792e
Size

392KB
Sample

250123-ttj4dawrbn
MD5

18f99a12f22126a4ccd0cdc73b4b792e
SHA1

4e64be6fdb8402e67aedc25af50b350f556bd55c
SHA256

38f82b6ce1dea5169ddfffba456d12a7858301e700dad4b792c4757e488a01cf
SHA512

fc27c18023265cf3afe0962df46119ef0b5d114c363f2f61428cdb508a69bbd20e1688c9f8307f4b6b9ea17d54e174ada46c9b613d298303af2b4f9d7dbc9875
SSDEEP

6144:bcMqWu2qQ8N1UUJvAO03vM/6DBsKZfD0X8OoDntRVBdyXj6eyGirXGzYMUrt:QM82qQ8BAH3E/iBsxotRxC2t

Score

10^/10

cybergate dragon.boss discovery persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Dragon.Boss

C2

127.0.0.1:81

steam21.zapto.org:81

Mutex

***MUTEX1***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
windows
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_18f99a12f22126a4ccd0cdc73b4b792e
- Size
  
  392KB
- MD5
  
  18f99a12f22126a4ccd0cdc73b4b792e
- SHA1
  
  4e64be6fdb8402e67aedc25af50b350f556bd55c
- SHA256
  
  38f82b6ce1dea5169ddfffba456d12a7858301e700dad4b792c4757e488a01cf
- SHA512
  
  fc27c18023265cf3afe0962df46119ef0b5d114c363f2f61428cdb508a69bbd20e1688c9f8307f4b6b9ea17d54e174ada46c9b613d298303af2b4f9d7dbc9875
- SSDEEP
  
  6144:bcMqWu2qQ8N1UUJvAO03vM/6DBsKZfD0X8OoDntRVBdyXj6eyGirXGzYMUrt:QM82qQ8BAH3E/iBsxotRxC2t
Score

10^/10

cybergate dragon.boss discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatedragon.bossdiscoverypersistencestealertrojanupx

behavioral2

cybergatedragon.bossdiscoverypersistencestealertrojanupx