MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d725c799e8787ef98e26cb025144cbe405aef31bc4ddd2011c80c09efa87400. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CyberGate

Vendor detections: 4

Intelligence 4 IOCs YARA 5 File information Comments

SHA256 hash:	2d725c799e8787ef98e26cb025144cbe405aef31bc4ddd2011c80c09efa87400
SHA3-384 hash:	ab5a664b106ecb7417fd6f9b08dbd090c714273834c576e7c1f449cd7a60d5449246af4445bd81ce393de18c78866a29
SHA1 hash:	0620ca65d7192e17837ca254d9097f760946d84f
MD5 hash:	c50289ae23d0efcb2beb931e02308bed
humanhash:	asparagus-ink-six-violet
File name:	2d725c799e8787ef98e26cb025144cbe405aef31bc4ddd2011c80c09efa87400
Download:	download sample
Signature	CyberGate Create hunting rule
File size:	1'710'979 bytes
First seen:	2020-06-10 07:33:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	73d12a96fab08773e2657237992c3c27 (2 x njrat, 1 x CyberGate, 1 x DCRat)
ssdeep	24576:j9kZWCMuo4dTVOrZhXnCEoSKl2yGa0qAQ8vhY8h2zzP2fSAd+09qHmQbwIpmM:FWOrZhXnyZGI8Zh2zzP2an04GQkmP
Threatray	317 similar samples on MalwareBazaar
TLSH	4885CF10BACA7DE0E99B04718DB3F324522CFD2C6AA55E827E4E21261B750D3363D56F
Reporter	JAMESWT_WT
Tags:	CyberGate

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

Win32.Trojan.Graftor

Status:

Malicious

First seen:

2020-06-04 11:06:38 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

41 of 48 (85.42%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=fvzfy6m6q6d67ghcnsyckfcmxzafv3zrxrg52iarzagat35ioqaa._file

Verdict:

malicious

CyberGate

266be67338e5e20e0d9eab7a3dfdc11c65f6ee3d2d572b0a5857921d4b7dbdc7

CyberGate

5e4cb5b794577345c50a2012ee0ece2301012527d17646d984a253781bcd39c9

CyberGate

689290a8b842a0fd09f5ce00654d64d70d0be3e19e2ca60d5dd3d199d3e09054

CyberGate

9f452d7d0048825bc6a35952dd645d68e6b5788858481998c660b8b31d1e1b63

CyberGate

b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7

CyberGate

d33a9b8def5c0bc379362bf5924cd9697d2b219bcc412399814b160f9627c3c3

CyberGate

ed34d4eba0bc7d434f32bb9bca0147632592656ddf0c2aa892fbee54b0850ff1

CyberGate

f40b9e6f7cfed63bba3b6eae6b0403ab26906caa77830027ed39a05918c4b877

CyberGate

fcbdafcedb7e9d18b0c8b640e375975320e6f74fd4170fea17b2ca210215d855

CyberGate

+ 307 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

persistence upx

Link:

https://tria.ge/reports/201109-vjn4vel63s/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Adds Run key to start application

Loads dropped DLL

Adds policy Run key to start application

Executes dropped EXE

Modifies Installed Components in the registry

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Malware_QA_update Create hunting rule
Author:	Florian Roth
Description:	VT Research QA uploaded malware - file update.exe
Reference:	VT Research QA

Rule name:	RAT_CyberGate Create hunting rule
Author:	Kevin Breen <kevin@techanarchy.net>
Description:	Detects CyberGate RAT
Reference:	http://malwareconfig.com/stats/CyberGate

Rule name:	suspicious_packer_section Create hunting rule
Author:	@j0sm1
Description:	The packer/protector section names/keywords
Reference:	http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

Rule name:	win_cybergate_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

Rule name:	win_cybergate_w0 Create hunting rule
Author:	Kevin Breen <kevin@techanarchy.net>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample