General
-
Target
4df346a12ef5679ec0b960d037c8f52a.exe
-
Size
554KB
-
Sample
210517-3dqv6gvzka
-
MD5
4df346a12ef5679ec0b960d037c8f52a
-
SHA1
65efd3a10061179a689c71bf2f47bf72d632b210
-
SHA256
b543eff3487cfe5e18d6a4dcd26f21ea04ce8e689d01d72fdbf2f422e451d20b
-
SHA512
03a5621cc571457ef22e915f1bb0632f5649168fd230fb9fd0dca7a817778584019feeb1d4032c7c9d505fb2faccbf8fd30903043a0aeca09bf86344537db295
Malware Config
Extracted
cybergate
v3.4.2.2
remote
asade.no-ip.org:25565
G164JO6TGAX8GC
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
rdns
-
install_file
windows
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
cybergate
-
regkey_hkcu
erdsvexcv
-
regkey_hklm
werwdsf
Targets
-
-
Target
4df346a12ef5679ec0b960d037c8f52a.exe
-
Size
554KB
-
MD5
4df346a12ef5679ec0b960d037c8f52a
-
SHA1
65efd3a10061179a689c71bf2f47bf72d632b210
-
SHA256
b543eff3487cfe5e18d6a4dcd26f21ea04ce8e689d01d72fdbf2f422e451d20b
-
SHA512
03a5621cc571457ef22e915f1bb0632f5649168fd230fb9fd0dca7a817778584019feeb1d4032c7c9d505fb2faccbf8fd30903043a0aeca09bf86344537db295
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-