MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7ca6a9d5e44cbb1ab5b1badecf0a6ab023e6e562a2089ebde235f181d85fbe1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Cybergate


Vendor detections: 14


Intelligence 14 IOCs 1 YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d7ca6a9d5e44cbb1ab5b1badecf0a6ab023e6e562a2089ebde235f181d85fbe1
SHA3-384 hash: 645c074d6c0fdf75605c1b84bdd008ac6d4e14685ef2125e47289cf192c0e64144fdf577fda23ce0998f5b75c77acc42
SHA1 hash: df6e478dace0cf3a8117a34c11bd5a725b8d7ace
MD5 hash: 66a87b563d106753301b349a883eb8f7
humanhash: mike-grey-juliet-east
File name:D7CA6A9D5E44CBB1AB5B1BADECF0A6AB023E6E562A208.exe
Download: download sample
Signature Cybergate
Create hunting rule
File size:434'597 bytes
First seen:2022-07-26 02:51:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b933ae8a43209add82755dbf35ea2600 (1 x Cybergate)
ssdeep 12288:zQsboe9nYIEE+T7TdkQjKm0nsJgNpvTcuE6RsI7P:EFWYtE+7dkQ4YgHwuE6R17P
TLSH T12894E037E2A078EBC30798BD59C154837F2FA483D512885C869AB7557E02463E6FC73A
TrID 82.7% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8)
6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.5% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.EXE) OS/2 Executable (generic) (2029/13)
2.0% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter abuse_ch
Tags:CyberGate exe


Avatar
abuse_ch
Cybergate C2:
201.236.188.142:200

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
201.236.188.142:200 https://threatfox.abuse.ch/ioc/839622/

Intelligence

File Origin
# of uploads :
1
# of downloads :
329
Origin country :
n/a
Vendor Threat Intelligence
Detection:
CyberGate
Create hunting rule
Link:
https://www.capesandbox.com/analysis/294153/
Detection(s):
Win.Packed.Johnnie-9835863-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Unauthorized injection to a recently created process
Creating a file in the Windows subdirectories
Creating a file in the %temp% directory
Launching a process
Searching for synchronization primitives
Enabling the 'hidden' option for recently created files
Creating a file in the %AppData% directory
DNS request
Creating a process from a recently created file
Sending a custom TCP request
Setting browser functions hooks
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun
Unauthorized injection to a system process
Unauthorized injection to a browser process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated overlay
Link:
https://www.filescan.io/uploads/62df56d6cfc30516768c4658/reports/fa9cd945-b52d-4083-a743-85e36f1cc0a6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Rebhip
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/35c2e778-0a5c-4ce8-b847-b31e4050b27c
Result
Threat name:
CyberGate
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1040794
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contain functionality to detect virtual machines
Contains functionality to inject threads in other processes
Contains functionality to register a low level keyboard hook
Creates a thread in another existing process (thread injection)
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Potential malicious icon found
Snort IDS alert for network traffic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected CyberGate RAT
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 673288 Sample: D7CA6A9D5E44CBB1AB5B1BADECF... Startdate: 26/07/2022 Architecture: WINDOWS Score: 100 51 3d70020ba42e.sn.mynetname.net 2->51 61 Snort IDS alert for network traffic 2->61 63 Potential malicious icon found 2->63 65 Malicious sample detected (through community Yara rule) 2->65 67 10 other signatures 2->67 12 D7CA6A9D5E44CBB1AB5B1BADECF0A6AB023E6E562A208.exe 2->12         started        signatures3 process4 signatures5 73 Found evasive API chain (may stop execution after checking mutex) 12->73 75 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 12->75 77 Contain functionality to detect virtual machines 12->77 79 2 other signatures 12->79 15 D7CA6A9D5E44CBB1AB5B1BADECF0A6AB023E6E562A208.exe 5 4 12->15         started        process6 file7 47 C:\Windows\install\Microsoft OneDrive.exe, PE32 15->47 dropped 49 C:\...\Microsoft OneDrive.exe:Zone.Identifier, ASCII 15->49 dropped 53 Creates an undocumented autostart registry key 15->53 55 Injects code into the Windows Explorer (explorer.exe) 15->55 57 Creates an autostart registry key pointing to binary in C:\Windows 15->57 59 4 other signatures 15->59 19 explorer.exe 3 15->19 injected 21 explorer.exe 15->21         started        signatures8 process9 process10 23 Microsoft OneDrive.exe 19->23         started        26 Microsoft OneDrive.exe 19->26         started        28 Microsoft OneDrive.exe 19->28         started        signatures11 69 Injects a PE file into a foreign processes 23->69 30 Microsoft OneDrive.exe 23->30         started        33 Microsoft OneDrive.exe 26->33         started        71 Drops executables to the windows directory (C:\Windows) and starts them 28->71 35 Microsoft OneDrive.exe 28->35         started        process12 signatures13 81 Creates a thread in another existing process (thread injection) 30->81 83 Injects a PE file into a foreign processes 30->83 37 explorer.exe 30->37         started        85 Injects code into the Windows Explorer (explorer.exe) 33->85 87 Writes to foreign memory regions 33->87 89 Allocates memory in foreign processes 33->89 39 explorer.exe 33->39         started        41 MpCmdRun.exe 1 35->41         started        43 explorer.exe 35->43         started        process14 process15 45 conhost.exe 41->45         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d7ca6a9d5e44cbb1ab5b1badecf0a6ab023e6e562a2089ebde235f181d85fbe1/
Threat name:
Win32.Trojan.VBinder
Create hunting rule
Status:
Malicious
First seen:
2022-06-16 15:49:01 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
24 of 26 (92.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=27fgvhk6itf3dk23dow6z4fgvmbd43swfiqit266enprqhmf7pqq._file
Verdict:
malicious
Result
Malware family:
cybergate
Create hunting rule
Score:
  10/10
Tags:
family:cybergate botnet:profesores u persistence stealer trojan upx
Link:
https://tria.ge/reports/220726-dcqxladbdk/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Windows directory
Suspicious use of SetThreadContext
Adds Run key to start application
Checks computer location settings
Loads dropped DLL
Adds policy Run key to start application
Executes dropped EXE
Modifies Installed Components in the registry
UPX packed file
CyberGate, Rebhip
Suspicious use of NtCreateProcessExOtherParentProcess
Malware Config
C2 Extraction:
3d70020ba42e.sn.mynetname.net:200
Unpacked files
SH256 hash:
58f36221eed2cc03ce8ef728609ea220b2e55ac39646f81a5784c7ac6c144e54
MD5 hash:
387365ce0be7d9a203ffc92421080d7e
SHA1 hash:
ea1b1a314b2cbdb6bd316bf5de888c92de046183
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
6e36334131088c98226acfa0ac1591ff079ccee4066cb6781257c04454dbc3fb
MD5 hash:
895575e87f401747f1cbe966a050fed2
SHA1 hash:
439ebfda03228583e00ff6afe92f0e4a6f379168
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
fc50cb7d6cb4f18992363fcba1473464f526d5c574f4bfbdbed9e025a2072bbe
MD5 hash:
6953ffcb135a8355e6e6ad6531ec8e39
SHA1 hash:
8dea89a2c585db0c1a00666a3bf9f06b50d79f1c
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
Parent samples :
374e1cfd4204ff7833ca74d99952f6db74568966be4456c9c44342c8ee3dc53b
4849a87ca8fad6688bd6a58e0d8e2adb6a5964f73f6e75e93e449b2bd20b0be1
9e424c1f93f1964a2b158bbd626ccf9e2722618710c3d80049c733430fc33045
4d65167b0dac62522df345d9281a57a07fa17d85a4a703c6d4dcc9d069be1520
0722a71d9251b626a8c066963a19fe6db4711227c803afc40402c3a3e0fb51fd
dbc1e78c7644c07e178acd09bc3b02c230dba253dab5e45e5bcbf4be120a05bc
aed92a8301931959100a1bb8c52251df2fdddaf8b76ab34b6f24d7bbe58a4fe6
9f6bfc2fbaae486d17176d483f57d76e56b615ca02126be0d4a5ab7ade452aa9
8cd34d3806c08de78b9fc96bd1a99a5dbb8ce452fa92c4fee2c5ae5194237fa0
b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e
SH256 hash:
fc50cb7d6cb4f18992363fcba1473464f526d5c574f4bfbdbed9e025a2072bbe
MD5 hash:
6953ffcb135a8355e6e6ad6531ec8e39
SHA1 hash:
8dea89a2c585db0c1a00666a3bf9f06b50d79f1c
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
Parent samples :
374e1cfd4204ff7833ca74d99952f6db74568966be4456c9c44342c8ee3dc53b
4849a87ca8fad6688bd6a58e0d8e2adb6a5964f73f6e75e93e449b2bd20b0be1
9e424c1f93f1964a2b158bbd626ccf9e2722618710c3d80049c733430fc33045
4d65167b0dac62522df345d9281a57a07fa17d85a4a703c6d4dcc9d069be1520
0722a71d9251b626a8c066963a19fe6db4711227c803afc40402c3a3e0fb51fd
dbc1e78c7644c07e178acd09bc3b02c230dba253dab5e45e5bcbf4be120a05bc
aed92a8301931959100a1bb8c52251df2fdddaf8b76ab34b6f24d7bbe58a4fe6
9f6bfc2fbaae486d17176d483f57d76e56b615ca02126be0d4a5ab7ade452aa9
8cd34d3806c08de78b9fc96bd1a99a5dbb8ce452fa92c4fee2c5ae5194237fa0
b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e
SH256 hash:
76afd1adcadbac7401d9917b3cde41897c6fe21cc82a0043713d1faecd9d9488
MD5 hash:
453c8a788d61f1b68d24ea7b1fe01832
SHA1 hash:
c3a76b71743c53c983df0a8bfaad3a1703e5c9a9
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
1fd16ca095f1557cc8848b36633d4c570b10a2be26ec89d8a339c63c150d3b44
MD5 hash:
f920cee005589f150856d311b4e5d363
SHA1 hash:
2589fa5536331a53e9a264dd630af2bdb6f6fc00
Detections:
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
Parent samples :
b64c40843b011d715c431b761680e8565383ac702f5ed80492fb30bd6aa33929
61c2d5a213f1b68ef98f2800f02697650ccf28eb38ec07635f0bffcdf18a803a
70a9324fd74829cb87228210962e4b68747f6203b4de74e061d67fc4b7f5da51
baaef35c43e34186c7e2ff97f998e41692498a2c60f78eb294bf71ae7fe1e16b
571a708504cf085b54eaed702a6c95b3189426dc20c78e42a3f1e1096d6bf044
19e71e510a71ff531afb1790500259dd4439fc56ea402c8d4baf205a03b56edc
57bf128dd42cbcebac753c89ead426c684b3f524272bad0fedb50d206c9779bc
2a17bde3e32db214b3c72b761548bf91b6e0689d1c3725a7e2d94a6a5ef3d96f
d7ca6a9d5e44cbb1ab5b1badecf0a6ab023e6e562a2089ebde235f181d85fbe1
86311a5851a1ce5cd5cedd9db3de8fc5c4b60a549db33ca019e34edc19bb7490
214207ef7ad88929d21240a3826a3c9a123127f52d1b6c43a2f604dca019804c
24510f5cee3e6f4422f58dfe5142f1ebaf29ebf6bfd44c60b5213c3db32a5344
98abcc6f294bd8549a963bbeccb0e01013dd42cc61a07aa496793aa667630a2b
12975bce5682b4d6a0849c73a8924f074e9fc12e9807e1773e3d80656851d1d2
374e1cfd4204ff7833ca74d99952f6db74568966be4456c9c44342c8ee3dc53b
4849a87ca8fad6688bd6a58e0d8e2adb6a5964f73f6e75e93e449b2bd20b0be1
9e424c1f93f1964a2b158bbd626ccf9e2722618710c3d80049c733430fc33045
4d65167b0dac62522df345d9281a57a07fa17d85a4a703c6d4dcc9d069be1520
0722a71d9251b626a8c066963a19fe6db4711227c803afc40402c3a3e0fb51fd
dbc1e78c7644c07e178acd09bc3b02c230dba253dab5e45e5bcbf4be120a05bc
aed92a8301931959100a1bb8c52251df2fdddaf8b76ab34b6f24d7bbe58a4fe6
9f6bfc2fbaae486d17176d483f57d76e56b615ca02126be0d4a5ab7ade452aa9
8cd34d3806c08de78b9fc96bd1a99a5dbb8ce452fa92c4fee2c5ae5194237fa0
738496124b1b2800e8e069e7131f995d1693728e27676c4550bd393f4cb96619
b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e
SH256 hash:
1fd16ca095f1557cc8848b36633d4c570b10a2be26ec89d8a339c63c150d3b44
MD5 hash:
f920cee005589f150856d311b4e5d363
SHA1 hash:
2589fa5536331a53e9a264dd630af2bdb6f6fc00
Detections:
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
Parent samples :
b64c40843b011d715c431b761680e8565383ac702f5ed80492fb30bd6aa33929
61c2d5a213f1b68ef98f2800f02697650ccf28eb38ec07635f0bffcdf18a803a
70a9324fd74829cb87228210962e4b68747f6203b4de74e061d67fc4b7f5da51
baaef35c43e34186c7e2ff97f998e41692498a2c60f78eb294bf71ae7fe1e16b
571a708504cf085b54eaed702a6c95b3189426dc20c78e42a3f1e1096d6bf044
19e71e510a71ff531afb1790500259dd4439fc56ea402c8d4baf205a03b56edc
57bf128dd42cbcebac753c89ead426c684b3f524272bad0fedb50d206c9779bc
2a17bde3e32db214b3c72b761548bf91b6e0689d1c3725a7e2d94a6a5ef3d96f
d7ca6a9d5e44cbb1ab5b1badecf0a6ab023e6e562a2089ebde235f181d85fbe1
86311a5851a1ce5cd5cedd9db3de8fc5c4b60a549db33ca019e34edc19bb7490
214207ef7ad88929d21240a3826a3c9a123127f52d1b6c43a2f604dca019804c
24510f5cee3e6f4422f58dfe5142f1ebaf29ebf6bfd44c60b5213c3db32a5344
98abcc6f294bd8549a963bbeccb0e01013dd42cc61a07aa496793aa667630a2b
12975bce5682b4d6a0849c73a8924f074e9fc12e9807e1773e3d80656851d1d2
374e1cfd4204ff7833ca74d99952f6db74568966be4456c9c44342c8ee3dc53b
4849a87ca8fad6688bd6a58e0d8e2adb6a5964f73f6e75e93e449b2bd20b0be1
9e424c1f93f1964a2b158bbd626ccf9e2722618710c3d80049c733430fc33045
4d65167b0dac62522df345d9281a57a07fa17d85a4a703c6d4dcc9d069be1520
0722a71d9251b626a8c066963a19fe6db4711227c803afc40402c3a3e0fb51fd
dbc1e78c7644c07e178acd09bc3b02c230dba253dab5e45e5bcbf4be120a05bc
aed92a8301931959100a1bb8c52251df2fdddaf8b76ab34b6f24d7bbe58a4fe6
9f6bfc2fbaae486d17176d483f57d76e56b615ca02126be0d4a5ab7ade452aa9
8cd34d3806c08de78b9fc96bd1a99a5dbb8ce452fa92c4fee2c5ae5194237fa0
738496124b1b2800e8e069e7131f995d1693728e27676c4550bd393f4cb96619
b0c56418408d162c42534fa17cce5ea36fe7dfce91c610027f252ce61377e96e
SH256 hash:
a81dd974466c94d9a9731f1e3974b12dbcfcfda7707b09f2b2f519da349f0422
MD5 hash:
086047efb311bf8bf0ed2bbf3f7c3dda
SHA1 hash:
c19efb3b369347fcbf0536e6bc140ed195e5760c
Detections:
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
d0854939b680487234301d80f2d12143739d8011333ac2696ca8f285852a9f33
MD5 hash:
50cac81fab9bb9c2743e90dca843ea49
SHA1 hash:
447096fa770c1538caa10b86fdb994f2d73f41f8
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
e2ca52be0ae7c76aaf719d68c45672cab8e5e46bc0fd8d18407d84077dd076c7
MD5 hash:
e980095ada45166a0cf4047c951a3d8c
SHA1 hash:
37ba8c0565c589d9ba77dcd987bb0af37c69e864
Detections:
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
51038f40e471029063276c6478ab272eb1bb6268a979280e191c1c6a9ae0684c
MD5 hash:
eb5ad24de2374e481eab923f4e64bed6
SHA1 hash:
eb35353b8d4e1d047225ffe19b06a692d679bb80
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
db1e2632282032283f9e3880157f3a1e140d6a766ec267dcf60160f7e401edc4
MD5 hash:
b319e7ad3b684c02c8c94e6170e109fe
SHA1 hash:
22c8e932f93e2905d9731b720fcc35b7200816ca
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
8b2a6cc4d86181e054129ea81554b557a25ed5825198e58031c1c00cc089ab73
MD5 hash:
0bc843f885b91c48bd114bac632a2623
SHA1 hash:
ff3779c41e9d56bbe9a20cadbfd3456bade42ce4
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
fe26a797841fe7f7a04b5d0d32b0411e3305b250dc3488938b6a26a9870a0458
MD5 hash:
f29e4e40316126c7b22129bd19115c1d
SHA1 hash:
eceacbae05e64696c014d2df5569831da2c1b693
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
07da792da2e93f772b9fe41e29fb280e262b2075331e9b8ab97137d846f8f24a
MD5 hash:
0640b6d07885d30eed3c7517d9da9932
SHA1 hash:
d7a4554f5d1a4f8a868002781447e591a4b3e3aa
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
0a07195705a277f94d52167f5231d429c9cbd9496c58ad889ae6414f180b53d3
MD5 hash:
6cc36b85ed228a434d0455190b4c449f
SHA1 hash:
9674267b22c124d61ec2ba60d84a60843003d28e
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
5d340aa3f364cc8a80588b83105a179a5de6ba2970b5e95cee3511677b0c0a35
MD5 hash:
f74537d2e3585203d337a0bae9b45b61
SHA1 hash:
75a2eabb67ca12f73b0b3555a67c4bea90531f40
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
ca86cda568d9154733280a34bab5d6388bde2f777f1689cc955f930dc3e5f987
MD5 hash:
e74fbb562bc4e236f2e88c4f37b2c1cb
SHA1 hash:
686448b272836e9f6126d63b6536eab097659f5d
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
b5b977c8652d8ff31e1dc49f89909449552f7dd9f79d9a6317e7988a7baae1e0
MD5 hash:
536d89f0109c0d04381737b060e2fc7c
SHA1 hash:
5ffeb5fd71ec4240c5dd325d4fbd591796c8a573
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
c2f6872f7895b7e905ed57f9265aa05525f3023b1b83c96642d4673a7e7f780e
MD5 hash:
e3a0197eb962d3a082750bff48c1f2ef
SHA1 hash:
5da667e0aaec3bc666667cd998d98c4562b9ac45
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
cb21ba15cf29636cf6bd6a185b7199e34b32b7ffb3ecf98ebbd0e50a99427d64
MD5 hash:
66d97c6062c9d173f6ee87b90870de75
SHA1 hash:
4894ef2d57779606e8dcd89762232f526d6d41d4
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
dc4d46d8ca4451aa9656476005337975a70266db4bf599fd45e13a691f5f282b
MD5 hash:
d5fcdeb5aec2ce396b12a7a0cc6d4829
SHA1 hash:
43434193374117d7a2992c4db1f87e6fcc9b0372
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
7c85eef6c75ff79d7ba45829660d7abd2dd2c39fa6d38d00d64fa5daf3905120
MD5 hash:
51760d1f04ceda1bb7b6a6831abb9608
SHA1 hash:
3a41dc8bee939e68c6e5e777fed4a2ba0f53c18f
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
7dd229d37bd0a8ba4aba3367c1e1d2d612160a60b5b7fea9781f1f99cc23435c
MD5 hash:
ce04ce13e57be3a094172c602a949809
SHA1 hash:
36fc0f920e433c6ef6f8e2a65bdbcab52e257b15
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
5a5693c6436530a1dfdad786d45ae3f14e520beba8ada74fa2be475f220155ce
MD5 hash:
feeeb2c1d1ca3b05e1c828b47ed3c672
SHA1 hash:
301a68f6345fa86d6ca40912f6a87a48e63ac006
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
8655bf362a60602bd74bced8f9bac0924eec79265ca1e16ad50c61d5f1e464b8
MD5 hash:
fc3d034d583083b26f9dbc2746f41b9d
SHA1 hash:
82fc0cafbe65139f509fcc67c634637d2987c3a3
Detections:
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
win_cybergate_auto
Create hunting rule
win_cybergate_w0
Create hunting rule
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
315ea78aeb8d8b09c1c38a94c350ad3fe5d16b4e49cce2dff0da78ce46334175
MD5 hash:
74214e7270590b06eb8a8632468fe8e2
SHA1 hash:
6722853609f678ec7eb58afbf879d2e28ae41e5f
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
fbfbc62f28c7dc389a256028f7eb7bd1e5cf3a7afb5f1772df61690f28f77b6b
MD5 hash:
ee576f105c01602df2e560c2826c498f
SHA1 hash:
3ca9459be8936473b3f433fed284b20618767318
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
fbfbc62f28c7dc389a256028f7eb7bd1e5cf3a7afb5f1772df61690f28f77b6b
MD5 hash:
ee576f105c01602df2e560c2826c498f
SHA1 hash:
3ca9459be8936473b3f433fed284b20618767318
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
b9230739f5a95147e5a1d5854a53583e5cbd5a169fdf44b41b378ec0c6fe75b1
MD5 hash:
545e01d6428eb4b8585431111105bb57
SHA1 hash:
84d2898280bf3c67fb9b63512d408b9f44ce55ad
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
3682477ca0ced89c0aca2632f5bd997c15ecf2330ee0a12081bf3519852c7727
MD5 hash:
3810e5e33e087981b7074446142ad5e4
SHA1 hash:
006cc1fffb9b879188e7c0207a2fd33db00fb37a
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
2cad7d9219984134d86a34ad76429a8e2e2010981be2ffe4dd114db6482b68eb
MD5 hash:
b3ffea4cc22816b7bee578cc0ef50326
SHA1 hash:
af9612430b041bc61e269aeb477583141968c727
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
68d7a065fa7282fa50e6c29a4b1acfe8b31e84e51eb2c65a7581be42cf3d3315
MD5 hash:
6f7fe2c040e7ca1857673d0abb3f3a29
SHA1 hash:
6cbbea2560d8fedafef8e400ce129002198775e0
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
537f2597536f094a13ee080217accf2a9eabc59c52edc68717254ce126bc07ae
MD5 hash:
1c56468e6434ce8f9b4e5a84de57a5e2
SHA1 hash:
8f0c11a3a05dab908101858b75da9537c238d5e4
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
d775593465eb96038a0b413befbdddc6a06e0aa8a388beb7a06e8e44ee05b411
MD5 hash:
78206668bb4aab304f6024b4c0015fcb
SHA1 hash:
41232d8dbe011ae31cf9999e08953cb5ecc455a7
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
c4d40b2152189caaee7103696f5d863b212605ae66bee998fd50bf3be5661fe1
MD5 hash:
1e61220c6d746dd591e72d8d114cf944
SHA1 hash:
71122a026dfc80036acfbe7493fc6d0ddc913df6
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
6c40b0293c88aea1b13e42937fc2927a7c1eca73cbd343e067eba03c417e9a3c
MD5 hash:
ac58da81092575a6e46b7df6970583c6
SHA1 hash:
3d65da95222585b55936a90c64fc966d1eacaa0c
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
SH256 hash:
d7ca6a9d5e44cbb1ab5b1badecf0a6ab023e6e562a2089ebde235f181d85fbe1
MD5 hash:
66a87b563d106753301b349a883eb8f7
SHA1 hash:
df6e478dace0cf3a8117a34c11bd5a725b8d7ace
Link:
https://www.unpac.me/results/a39779ef-589a-4669-9bc1-f644d22c5163/
Malware family:
CyberGate
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/d7ca6a9d5e44/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d7ca6a9d5e44cbb1ab5b1badecf0a6ab023e6e562a2089ebde235f181d85fbe1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:Malware_QA_update
Create hunting rule
Author:Florian Roth
Description:VT Research QA uploaded malware - file update.exe
Reference:VT Research QA
Rule name:Malware_QA_update_RID2DAD
Create hunting rule
Author:Florian Roth
Description:VT Research QA uploaded malware - file update.exe
Reference:VT Research QA
Rule name:win_cybergate_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_cybergate_w0
Create hunting rule
Author:Kevin Breen <kevin@techanarchy.net>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/294153/

Comments