cybergate | 8030d43468696139f58d9a6e21d30dcd31f05cb4c57cb069d8f2217cc3a36936 | Triage

Submit
Reports

Overview

overview

Static

static

7

173a413506...18.exe

windows7-x64

173a413506...18.exe

windows10-2004-x64

Sharing

General

Target

173a4135068f1d282c9224b5f76badc6_JaffaCakes118
Size

341KB
Sample

240627-x3fn4awepa
MD5

173a4135068f1d282c9224b5f76badc6
SHA1

ef91ba315ae282916a9c41a826c2415b8845f776
SHA256

8030d43468696139f58d9a6e21d30dcd31f05cb4c57cb069d8f2217cc3a36936
SHA512

77f034be524da6585a105e3a74e7a8e04f5521d222de48d9afc8dc2f9aa0247198109e9200a76319383105a120ad69ef930766e053e29f93b73d84c1d6e51384
SSDEEP

6144:F9boVPe7meFN6XuoMVFzgm8aDL0jKoxOqCgBf7h0SwPV6sE:72QmeT6zMVtWKoYwf7KfVlE

Score

10^/10

cybergate rasheed persistence stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

173a4135068f1d282c9224b5f76badc6_JaffaCakes118.exe

Resource

win7-20240508-en

cybergate rasheed persistence stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

173a4135068f1d282c9224b5f76badc6_JaffaCakes118.exe

Resource

win10v2004-20240508-en

cybergate rasheed persistence stealer trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

Rasheed

C2

angham.no-ip.biz:999

Mutex

2D2142YO6C1T4V

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
svchost.exe
install_dir
install
install_file
explorer.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Avira Antivirus Now Cracked
message_box_title
CyberGate
password
123456
regkey_hkcu
AVIRA
regkey_hklm
SETUP

Targets

- Target
  
  173a4135068f1d282c9224b5f76badc6_JaffaCakes118
- Size
  
  341KB
- MD5
  
  173a4135068f1d282c9224b5f76badc6
- SHA1
  
  ef91ba315ae282916a9c41a826c2415b8845f776
- SHA256
  
  8030d43468696139f58d9a6e21d30dcd31f05cb4c57cb069d8f2217cc3a36936
- SHA512
  
  77f034be524da6585a105e3a74e7a8e04f5521d222de48d9afc8dc2f9aa0247198109e9200a76319383105a120ad69ef930766e053e29f93b73d84c1d6e51384
- SSDEEP
  
  6144:F9boVPe7meFN6XuoMVFzgm8aDL0jKoxOqCgBf7h0SwPV6sE:72QmeT6zMVtWKoYwf7KfVlE
Score

10^/10

cybergate rasheed persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergaterasheedpersistencestealertrojanupx

behavioral2

cybergaterasheedpersistencestealertrojanupx

© 2018-2024

Terms | Privacy