General

  • Target

    c6c73d7a9603c63b831c18c38b834cd848b72341646c2db3866dabd81309051f

  • Size

    280KB

  • MD5

    125d68f62db8daa7e1649861406dc7f3

  • SHA1

    c445b6cba03b4d27e22026cff54f37ccec970a47

  • SHA256

    c6c73d7a9603c63b831c18c38b834cd848b72341646c2db3866dabd81309051f

  • SHA512

    f4628379f1ac293c02a939219c5f4fecb6d6b65f0f91f7af79fe67cf1cb02045f2a5687f378eb61fa5bf853119e17e7dea78fb6904c7e58d28154276d6b850aa

  • SSDEEP

    6144:23LZfsxZZQttyCVxaWYSdMU/77hlruc6XmDoTbcI7CPPdG:iReAtpVxagMU/plruchDofAPc

Score

10/10

Malware Config

Extracted

Family

cybergate

Version

v1.02.0

Botnet

Cyber

C2

lincolnhawk.no-ip.biz:82

Mutex

XF313KB3K3M5N7

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    Winbooterr

  • install_file

    Svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123456

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

Files

  • c6c73d7a9603c63b831c18c38b834cd848b72341646c2db3866dabd81309051f
    .exe windows x86