cybergate | 7f4db83209749c83d5e252b7dcfffbd05cc7b89728f09f6429f96cf11d109db7 | Triage

Sharing

General

Target

JaffaCakes118_b0c2cbc228c0ce0add2ff3421caa09e5
Size

383KB
Sample

250412-clvfpsvvat
MD5

b0c2cbc228c0ce0add2ff3421caa09e5
SHA1

fb3a1a322a39ec65a04087e1d4875434b09099c6
SHA256

7f4db83209749c83d5e252b7dcfffbd05cc7b89728f09f6429f96cf11d109db7
SHA512

e6e2eb8d5f6c4562ba639469d83fa36717118f64220a3c6a236b02d85ab31e3987ae384db27dc215654f74571777e98fa01bcb238f3cd988d4fb66c162ac4db6
SSDEEP

6144:StaIm2ifCGx6EMPHG0tHjR7GcWzz7Z6LgGby3Syw1zWB0Q6/CygE3Lc5sWRI:S/SxZMPHnVU167by3SX19J/Ci93

Score

10^/10

cybergate remote discovery stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

g00gl3.zapto.org:1337

g00gl3.zapto.org:81

Mutex

31117K8WDQ6E2K

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
victim
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_b0c2cbc228c0ce0add2ff3421caa09e5
- Size
  
  383KB
- MD5
  
  b0c2cbc228c0ce0add2ff3421caa09e5
- SHA1
  
  fb3a1a322a39ec65a04087e1d4875434b09099c6
- SHA256
  
  7f4db83209749c83d5e252b7dcfffbd05cc7b89728f09f6429f96cf11d109db7
- SHA512
  
  e6e2eb8d5f6c4562ba639469d83fa36717118f64220a3c6a236b02d85ab31e3987ae384db27dc215654f74571777e98fa01bcb238f3cd988d4fb66c162ac4db6
- SSDEEP
  
  6144:StaIm2ifCGx6EMPHG0tHjR7GcWzz7Z6LgGby3Syw1zWB0Q6/CygE3Lc5sWRI:S/SxZMPHnVU167by3SX19J/Ci93
Score

10^/10

cybergate remote discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergateremotediscoverystealertrojanupx