cybergate | 2f5152f1eefd1272f6badb0b08d94aa5bc3ec2925daa62f254aed54a34443494

General

Target

JaffaCakes118_6b10a3f91b34790043294144d3db62d3
Size

704KB
Sample

250312-pr8xhazycx
MD5

6b10a3f91b34790043294144d3db62d3
SHA1

21508c1bb76d2325af09ac1af3f257a9608953ca
SHA256

2f5152f1eefd1272f6badb0b08d94aa5bc3ec2925daa62f254aed54a34443494
SHA512

44107d3f91c662a97e23951b0346c0a53d94c9acdf29826cac0495472b979679c99c07731efd691cadba1d8989ade70e1485092a9536a8d3731c642d9093b94f
SSDEEP

6144:K8PajyiWz7KXsS5hT7hvLyAQB0jAJ3oXXUCHW3bmpR38L+CbJHvD+3rhKHWmq9eg:8jyfHS3T7hDyAQBn4M3bEEXJpHWmY86

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

127.0.0.1:288

188.49.81.147:80

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
svchost.exe
install_file
Win_Xp.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Please try again later.
message_box_title
Error
password
6580424
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_6b10a3f91b34790043294144d3db62d3
- Size
  
  704KB
- MD5
  
  6b10a3f91b34790043294144d3db62d3
- SHA1
  
  21508c1bb76d2325af09ac1af3f257a9608953ca
- SHA256
  
  2f5152f1eefd1272f6badb0b08d94aa5bc3ec2925daa62f254aed54a34443494
- SHA512
  
  44107d3f91c662a97e23951b0346c0a53d94c9acdf29826cac0495472b979679c99c07731efd691cadba1d8989ade70e1485092a9536a8d3731c642d9093b94f
- SSDEEP
  
  6144:K8PajyiWz7KXsS5hT7hvLyAQB0jAJ3oXXUCHW3bmpR38L+CbJHvD+3rhKHWmq9eg:8jyfHS3T7hDyAQBn4M3bEEXJpHWmY86
Score

10^/10

cybergate öííé discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2