cybergate | 07b353dc8a0a588a6197007d7608af3395cb0deb0f4389aef644b428bc0461ee | Triage

Sharing

General

Target

JaffaCakes118_44fd95d424bf0e4c87cbbfe17c7aef63
Size

477KB
Sample

250128-al952szrbw
MD5

44fd95d424bf0e4c87cbbfe17c7aef63
SHA1

44d5b014aeea6e4fa0c090eef551bc4599311636
SHA256

07b353dc8a0a588a6197007d7608af3395cb0deb0f4389aef644b428bc0461ee
SHA512

eacdb8565b6449540ee47831d9a85c0b43a2e32a89bd3d7903482b7e19f225910f84ff569b7e032061e23eeb8e4264a15233a96b8c02ecf1047f0073357c80b3
SSDEEP

6144:zPuM/3SQ6PxDg8L+6hS4rjTindZNdwdr06pDO50fAh5IWis3LBxInYMSVSQ7ygxf:qAapPL+OS6/IZNWPDchUs3LB57Lxf

Score

10^/10

cybergate remote discovery stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

remote

C2

64.27.3.109:6666

Mutex

YTIM562R318H17

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
winlogon.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Targets

- Target
  
  JaffaCakes118_44fd95d424bf0e4c87cbbfe17c7aef63
- Size
  
  477KB
- MD5
  
  44fd95d424bf0e4c87cbbfe17c7aef63
- SHA1
  
  44d5b014aeea6e4fa0c090eef551bc4599311636
- SHA256
  
  07b353dc8a0a588a6197007d7608af3395cb0deb0f4389aef644b428bc0461ee
- SHA512
  
  eacdb8565b6449540ee47831d9a85c0b43a2e32a89bd3d7903482b7e19f225910f84ff569b7e032061e23eeb8e4264a15233a96b8c02ecf1047f0073357c80b3
- SSDEEP
  
  6144:zPuM/3SQ6PxDg8L+6hS4rjTindZNdwdr06pDO50fAh5IWis3LBxInYMSVSQ7ygxf:qAapPL+OS6/IZNWPDchUs3LB57Lxf
Score

10^/10

cybergate remote discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergateremotediscoverystealertrojanupx

behavioral2

cybergateremotediscoverystealertrojanupx