cybergate | 5fc0ad23b2e5fc626717ea72ae873efb5d351077bb1c4269a902c9fa73538454 | Triage

Submit
Reports

Overview

overview

Static

static

7

1be1c44d54...18.exe

windows7-x64

1be1c44d54...18.exe

windows10-2004-x64

Sharing

General

Target

1be1c44d54b77212c3a57250b4b359fa_JaffaCakes118
Size

923KB
Sample

240701-v3fyrazgrb
MD5

1be1c44d54b77212c3a57250b4b359fa
SHA1

5a2696074e4def5c7d0b2e178d48e3088449829c
SHA256

5fc0ad23b2e5fc626717ea72ae873efb5d351077bb1c4269a902c9fa73538454
SHA512

b907e8ce8289cb9cacbb4c2795c2cc6d9c22c77c86ad623dfc90040dcd37d4fcf2f373ae1997861a1630576aeda06efe10a3ed3369a88688c3a2f0e6c06cb50c
SSDEEP

24576:2RfdI2PQKmqn70jhXFXUcLu2eG/tMTi1ISRjp65/v:2HJYKmqn70jhXFXUcLu27VMwv453

Score

10^/10

cybergate deise persistence stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1be1c44d54b77212c3a57250b4b359fa_JaffaCakes118.exe

Resource

win7-20240611-en

cybergate deise persistence stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1be1c44d54b77212c3a57250b4b359fa_JaffaCakes118.exe

Resource

win10v2004-20240611-en

cybergate deise persistence stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Deise

C2

operspicaz.no-ip.org:1982

Mutex

Java(TM) Plarform SE 7 U32

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./day_cristina/keyloguer/
ftp_interval
30
ftp_password
netempresa@12*
ftp_port
21
ftp_server
ftp.installwarebusiness.com.br
ftp_username
installwarebusiness
injected_process
jusched.exe
install_dir
Java\jre6\bin
install_file
Java(TM).exe
install_flag
true
keylogger_enable_ftp
true
message_box_caption
Curioso(a)? ti enganei hahahahaha
message_box_title
Enganado(a)
password
abcd1234
regkey_hklm
Java(TM) Plarform SE 7 U32

Targets

- Target
  
  1be1c44d54b77212c3a57250b4b359fa_JaffaCakes118
- Size
  
  923KB
- MD5
  
  1be1c44d54b77212c3a57250b4b359fa
- SHA1
  
  5a2696074e4def5c7d0b2e178d48e3088449829c
- SHA256
  
  5fc0ad23b2e5fc626717ea72ae873efb5d351077bb1c4269a902c9fa73538454
- SHA512
  
  b907e8ce8289cb9cacbb4c2795c2cc6d9c22c77c86ad623dfc90040dcd37d4fcf2f373ae1997861a1630576aeda06efe10a3ed3369a88688c3a2f0e6c06cb50c
- SSDEEP
  
  24576:2RfdI2PQKmqn70jhXFXUcLu2eG/tMTi1ISRjp65/v:2HJYKmqn70jhXFXUcLu27VMwv453
Score

10^/10

cybergate deise persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergatedeisepersistencestealertrojanupx

behavioral2

cybergatedeisepersistencestealertrojanupx

© 2018-2024

Terms | Privacy