cybergate | 59529d8437321dd60f012d897d9c8555135c51cd654576e6eca18bd1db9835e5

General

Target

JaffaCakes118_7d123a6cea56c134196f1e17bda73768
Size

288KB
Sample

250317-gjc6vsssgs
MD5

7d123a6cea56c134196f1e17bda73768
SHA1

ffd6ffa08dbd4e533ecf3dbd8c09ad6cdb38bf6c
SHA256

59529d8437321dd60f012d897d9c8555135c51cd654576e6eca18bd1db9835e5
SHA512

d4d1c914c31ca9a20af48d55c9e4c682c7b928f094c3266f8fcd8b0087b65bc496c156e45ea003a7645fd91896464bbc6ca7e649403b65f80e792c4e46b2b5fc
SSDEEP

6144:zrNz9gf9mCPDvjR1bhcQdO4YfxpfN/+QCXS3Ldx+5mTa6Ll3TZv2G5:zrNpgACThcKPUjfN/+QCXATkmTaq9v75

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

v1.01.0

Botnet

Cyber

C2

0o3.no-ip.org:82

Mutex

Update

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Winbooterr
install_file
scvhost.exe
install_flag
true
keylogger_enable_ftp
false
password
123456

Targets

- Target
  
  JaffaCakes118_7d123a6cea56c134196f1e17bda73768
- Size
  
  288KB
- MD5
  
  7d123a6cea56c134196f1e17bda73768
- SHA1
  
  ffd6ffa08dbd4e533ecf3dbd8c09ad6cdb38bf6c
- SHA256
  
  59529d8437321dd60f012d897d9c8555135c51cd654576e6eca18bd1db9835e5
- SHA512
  
  d4d1c914c31ca9a20af48d55c9e4c682c7b928f094c3266f8fcd8b0087b65bc496c156e45ea003a7645fd91896464bbc6ca7e649403b65f80e792c4e46b2b5fc
- SSDEEP
  
  6144:zrNz9gf9mCPDvjR1bhcQdO4YfxpfN/+QCXS3Ldx+5mTa6Ll3TZv2G5:zrNpgACThcKPUjfN/+QCXATkmTaq9v75
Score

10^/10

cybergate cyber stealer trojan upx discovery
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Cybergate family

Checks computer location settings

Executes dropped EXE

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2