cybergate | e43060350ed3417db86adee4c0464a5e30fe97080d5967c9afb302ec860a1083

General

Target

JaffaCakes118_21a3a88940645952f01a76e632b78fc6
Size

388KB
Sample

250124-p6myksyrez
MD5

21a3a88940645952f01a76e632b78fc6
SHA1

8a340e827552d74b699c5dacbbca100691fd9eb7
SHA256

e43060350ed3417db86adee4c0464a5e30fe97080d5967c9afb302ec860a1083
SHA512

b985c2acf451454298c049a320f93e932aadb41e9ab7eb8dc3046a98b53786baef7560d12d093d1051b0c1838f54bb12acbd5cdc91f787a80d2e7343c3dc40e3
SSDEEP

12288:8l4LcSJOLso4V7IcdFcF9bpXBfqDy/AV57duC:KSJHuVpqDy/AV578C

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

remote

C2

78.108.51.79:81

78.108.51.79:90

Mutex

URQ70SPT58J0B1

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
Macromedia
install_file
sidebar.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
ladyinred

Targets

- Target
  
  JaffaCakes118_21a3a88940645952f01a76e632b78fc6
- Size
  
  388KB
- MD5
  
  21a3a88940645952f01a76e632b78fc6
- SHA1
  
  8a340e827552d74b699c5dacbbca100691fd9eb7
- SHA256
  
  e43060350ed3417db86adee4c0464a5e30fe97080d5967c9afb302ec860a1083
- SHA512
  
  b985c2acf451454298c049a320f93e932aadb41e9ab7eb8dc3046a98b53786baef7560d12d093d1051b0c1838f54bb12acbd5cdc91f787a80d2e7343c3dc40e3
- SSDEEP
  
  12288:8l4LcSJOLso4V7IcdFcF9bpXBfqDy/AV57duC:KSJHuVpqDy/AV578C
Score

10^/10

cybergate remote discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Drops startup file
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Drops startup file

Drops file in System32 directory

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2