cybergate | 40390dcb305f6686da435514e793cc0715cac62699bbc7cdf2ed268f050de031 | Triage

Sharing

General

Target

JaffaCakes118_1c93efa729478d689335c0baefe6d6b5
Size

328KB
Sample

250222-14mqkszmbv
MD5

1c93efa729478d689335c0baefe6d6b5
SHA1

d69d130c5e8cd890fbe4c2cef2d5b4a0636c0633
SHA256

40390dcb305f6686da435514e793cc0715cac62699bbc7cdf2ed268f050de031
SHA512

99dd581a4df8f94190cc3341fb56e83c2caef1c5a49b8fdd622865b62c4c396d7b96d8cb58bce69b3ef1c4ea0979695df2603d344a745fa3bf4de549fb68507b
SSDEEP

6144:t2lbPuUeXAwk5Enh7hzFzIWNAphTHQ81GMvBzefEsjPYh3xrUMg7xYap:tCb2cqXF8Wqtw8oEzefEWPYh3xrUMgy

Score

10^/10

cybergate cybergate15444 discovery stealer trojan

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

CyberGate15444

C2

danaibrahim.zapto.org:15444

Mutex

678M2K55E762P6

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
bader.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Windows can't open this application!
message_box_title
Error
password
14931
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_1c93efa729478d689335c0baefe6d6b5
- Size
  
  328KB
- MD5
  
  1c93efa729478d689335c0baefe6d6b5
- SHA1
  
  d69d130c5e8cd890fbe4c2cef2d5b4a0636c0633
- SHA256
  
  40390dcb305f6686da435514e793cc0715cac62699bbc7cdf2ed268f050de031
- SHA512
  
  99dd581a4df8f94190cc3341fb56e83c2caef1c5a49b8fdd622865b62c4c396d7b96d8cb58bce69b3ef1c4ea0979695df2603d344a745fa3bf4de549fb68507b
- SSDEEP
  
  6144:t2lbPuUeXAwk5Enh7hzFzIWNAphTHQ81GMvBzefEsjPYh3xrUMg7xYap:tCb2cqXF8Wqtw8oEzefEWPYh3xrUMgy
Score

10^/10

cybergate cybergate15444 discovery stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatecybergate15444discoverystealertrojan

behavioral2