cybergate | 1e1295e589fc37cc1f51b0f5716a33800d426af471cbf40231ed1e1dba9bf72a

General

Target

Spy-Net v2.6.zip
Size

2.3MB
Sample

240629-yfvp6svamd
MD5

6dc430b1b145bda0be280796985c753a
SHA1

417d0f8f8a92bca754357e4fa6d484361c408af3
SHA256

1e1295e589fc37cc1f51b0f5716a33800d426af471cbf40231ed1e1dba9bf72a
SHA512

5d3b501a514a0ac61738e708d5a95fab43ea97a4bc808633475a0e41515876808d039866d8d88b81f98840100b3e32da7483e373824be4ad71007bd29b666476
SSDEEP

49152:fEb/PuDXuG1D0FKxovR/fyjIe61BKfnhPg5acJjb7ND69a3D4Dg:fEbn6uGyFLp3yjI/O4IwjkPg

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234

Targets

- Target
  
  Spy-Net v2.6/Spy-Net v2.6/SpyNet.exe
- Size
  
  2.0MB
- MD5
  
  98de7bcad1ba2caf74007bd97bc2b505
- SHA1
  
  8a79d06159a339313b810f23835b8417429dd356
- SHA256
  
  e4b3b3e72bd3bf4052a3136cb811ea54923bc2d7807709992e0345743d49ced8
- SHA512
  
  ef57cc4f0ad4bf1f54baaf7213bf868c418eebfb0eee3c32ff376b67d5d5337c35a94a1418951d82aae371820ce37eade7cf0a74ce54a4198e18327bd232a35d
- SSDEEP
  
  49152:GhwHJZqdp7orGOA0jhE6wSZCTIzY7wXSxQ5E+X6Oftn/Z9s0K:GhwHJZUp7orG90NE6KIM7wXr5EI6OR/7
Score

7^/10

upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  Spy-Net v2.6/Spy-Net v2.6/server.exe
- Size
  
  276KB
- MD5
  
  8bc332cc10a39d51339fd05b28c9548f
- SHA1
  
  2418e22e95966786d2fcd4a086fa5ffbf099f55a
- SHA256
  
  e69d0aa27378192017324d6748de04c9024a2254b599e93c22815e145b28dbc2
- SHA512
  
  dbb62e502fd7fc8e5c9a37da78a01d444cf87428f841dbe8ff18d54c4088e9ab92edb921b74a59c0e274ae647ed703a0afdce47739616865b59eeee1e7de05b4
- SSDEEP
  
  6144:Ck4qm47Ag4phnrxg/3mwvuzTMD7XmE1o+5kjoMY6Ox:99nqhndwEzgHjG
Score

10^/10

cybergate vítima persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2
- Target
  
  Spy-Net v2.6/Spy-Net v2.6/sqlite3.dll
- Size
  
  171KB
- MD5
  
  744dcc4cbbfbb18fe3878c4e769ec48f
- SHA1
  
  c1f2c56ee2d91203a01d3465f185295477a1217d
- SHA256
  
  33eb31a2a576e663474a895ff0190316c64a93d9ce05a55df0d53f9beeb61163
- SHA512
  
  706630be2ca09e574a7794e32e515a0a3f993643d034647b8cb976c1e7045e87e30362757cc65fcdb95f4a4327f0dcda3edc82ba84e5ed9115870a037e13af21
- SSDEEP
  
  3072:4yOtgCNPbAHuzueAlwsKmiiEHpmBt7tjBwHH1ELXvSsmB8teUOhKJz4ZKJNCT1xe:FOtRsOz2xKmGH8JBwn+2smB1Uf8Kurb
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

UPX packed file

CyberGate, Rebhip

Adds policy Run key to start application

Boot or Logon Autostart Execution: Active Setup

Checks computer location settings

Executes dropped EXE

UPX packed file

UPX packed file

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3