cybergate | 978120e164b27555838cc38b3ea91aa0c286cb61228b5c0f0dba30ac1c807e8e | Triage

Submit
Reports

Overview

overview

Static

static

3

0806b29c44...18.exe

windows7-x64

0806b29c44...18.exe

windows10-2004-x64

Sharing

General

Target

0806b29c44e2328b884d8f3d1733ab98_JaffaCakes118
Size

1.4MB
Sample

240624-mqmxjaxgrd
MD5

0806b29c44e2328b884d8f3d1733ab98
SHA1

3720afe7fcddb259001fc0546f0a51b31c888e34
SHA256

978120e164b27555838cc38b3ea91aa0c286cb61228b5c0f0dba30ac1c807e8e
SHA512

37e3497336a303bc0fbd31162696b86cfe8fe11fc187edcc1e3095a181bc0e59468293e151c031ae4885f48fd138f37489af78da927b9afea9e295a7c2a7bfe7
SSDEEP

24576:/l3puR/jIzc/y6dW2fVH+/FI2c65wgPlEo/CAv4kswYdbCx2j86DPOd:/38/jIqJfA/Fk6p9EuCAvmdG27Od

Score

10^/10

cybergate cyber stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0806b29c44e2328b884d8f3d1733ab98_JaffaCakes118.exe

Resource

win7-20240220-en

cybergate cyber stealer trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

0806b29c44e2328b884d8f3d1733ab98_JaffaCakes118.exe

Resource

win10v2004-20240508-en

cybergate cyber stealer trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Cyber

C2

ownedagain.no-ip.biz:2333

127.0.0.1:2333

Mutex

D512UPORS20W4Y

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
Svchost.exe
install_dir
Svchosts
install_file
Svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  0806b29c44e2328b884d8f3d1733ab98_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  0806b29c44e2328b884d8f3d1733ab98
- SHA1
  
  3720afe7fcddb259001fc0546f0a51b31c888e34
- SHA256
  
  978120e164b27555838cc38b3ea91aa0c286cb61228b5c0f0dba30ac1c807e8e
- SHA512
  
  37e3497336a303bc0fbd31162696b86cfe8fe11fc187edcc1e3095a181bc0e59468293e151c031ae4885f48fd138f37489af78da927b9afea9e295a7c2a7bfe7
- SSDEEP
  
  24576:/l3puR/jIzc/y6dW2fVH+/FI2c65wgPlEo/CAv4kswYdbCx2j86DPOd:/38/jIqJfA/Fk6p9EuCAvmdG27Od
Score

10^/10

cybergate cyber stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cybergatecyberstealertrojan

behavioral2

cybergatecyberstealertrojan

© 2018-2024

Terms | Privacy