cybergate | d61afdb2d8ae829dcec184a2232eb1d77aa34e4071ff4955ac3abf847ac5142a | Triage

Submit
Reports

Overview

overview

Static

static

3

1993ed6335...18.exe

windows7-x64

1993ed6335...18.exe

windows10-2004-x64

Sharing

General

Target

1993ed6335b394bab2547b5fb9a1eb43_JaffaCakes118
Size

3.1MB
Sample

240628-k6qx1svann
MD5

1993ed6335b394bab2547b5fb9a1eb43
SHA1

a2d2bb6af893574f55cce3aaa2e193cfa63a9942
SHA256

d61afdb2d8ae829dcec184a2232eb1d77aa34e4071ff4955ac3abf847ac5142a
SHA512

3e8323c772ae7e1c3f77d01679a3ce6dd4d4c78d34a190ed3c784bc802961671a59aa2838b610fd4a5417093e2ce075c8af943dc8bc3feeb9635e43b4edeedc2
SSDEEP

24576:OLN0Wr9UMspmBzVJo0NyrSdOjDgEHiWsRsiZ2rNXsKt+I8AIao25t2v/qi5CnCVC:+uoUGPytgTXZOt+IMBHqhEN

Score

10^/10

cybergate cybergate victims persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1993ed6335b394bab2547b5fb9a1eb43_JaffaCakes118.exe

Resource

win7-20231129-en

cybergate cybergate victims persistence stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

1993ed6335b394bab2547b5fb9a1eb43_JaffaCakes118.exe

Resource

win10v2004-20240508-en

cybergate cybergate victims persistence stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

CyberGate Victims

C2

ownyamom.no-ip.biz:100

Mutex

YYH403576L2BEA

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
winupdates
install_file
updates.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456

Targets

- Target
  
  1993ed6335b394bab2547b5fb9a1eb43_JaffaCakes118
- Size
  
  3.1MB
- MD5
  
  1993ed6335b394bab2547b5fb9a1eb43
- SHA1
  
  a2d2bb6af893574f55cce3aaa2e193cfa63a9942
- SHA256
  
  d61afdb2d8ae829dcec184a2232eb1d77aa34e4071ff4955ac3abf847ac5142a
- SHA512
  
  3e8323c772ae7e1c3f77d01679a3ce6dd4d4c78d34a190ed3c784bc802961671a59aa2838b610fd4a5417093e2ce075c8af943dc8bc3feeb9635e43b4edeedc2
- SSDEEP
  
  24576:OLN0Wr9UMspmBzVJo0NyrSdOjDgEHiWsRsiZ2rNXsKt+I8AIao25t2v/qi5CnCVC:+uoUGPytgTXZOt+IMBHqhEN
Score

10^/10

cybergate cybergate victims persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergatecybergate victimspersistencestealertrojanupx

behavioral2

cybergatecybergate victimspersistencestealertrojanupx

© 2018-2024

Terms | Privacy