General
-
Target
7C09DCEBD6136A6A73A96EAC91568DCC.exe
-
Size
789KB
-
Sample
210724-eezfgx4xms
-
MD5
7c09dcebd6136a6a73a96eac91568dcc
-
SHA1
4e197a783345969df826faaca772b065530bd6c5
-
SHA256
7ef8a647eee5935219cea3f21cdc5a1fe28a53b177c6d3280e5ee8f2304b3e5c
-
SHA512
c5c180756342e3a5456d19084e6bd75ac5ed73068566e89c0e5d25aa740893306aca48ffb25e320a605e53f942c1299767da4e9f215f8d31f53b2c2ce5327c22
Malware Config
Extracted
cybergate
v3.4.2.2
remote
asade.no-ip.org:25565
D4T52W8MT863F7
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
rdns
-
install_file
windows
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
cybergate
-
regkey_hkcu
erterterter
-
regkey_hklm
sdsdfsdf
Targets
-
-
Target
7C09DCEBD6136A6A73A96EAC91568DCC.exe
-
Size
789KB
-
MD5
7c09dcebd6136a6a73a96eac91568dcc
-
SHA1
4e197a783345969df826faaca772b065530bd6c5
-
SHA256
7ef8a647eee5935219cea3f21cdc5a1fe28a53b177c6d3280e5ee8f2304b3e5c
-
SHA512
c5c180756342e3a5456d19084e6bd75ac5ed73068566e89c0e5d25aa740893306aca48ffb25e320a605e53f942c1299767da4e9f215f8d31f53b2c2ce5327c22
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops startup file
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-