Overview

overview

10

Static

static

10

5aa096f20f...81.exe

windows7-x64

10

5aa096f20f...81.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    5aa096f20f6d4cf0c64913d80c1681796fec351b6657a54cd9c79ee3a7ee5881

  • Size

    272KB

  • MD5

    00fcfa0d243fcfe3af1f2e70823e9f11

  • SHA1

    07025cb3d8d23e03098edefee10b8b9d52ae5cac

  • SHA256

    5aa096f20f6d4cf0c64913d80c1681796fec351b6657a54cd9c79ee3a7ee5881

  • SHA512

    da8bb3a2b5911f55922ef8ad8928f349d422dbaf5aed5def20ce42e0caff5383407a7c67bf3adf6760d580b7f6d29b0f3d715bad770e9a5a15af58b4d976a9e7

  • SSDEEP

    6144:2kjQLnh7r9HxfcMsxYfu80+MyNYj/SpRuJ12mKmqSWbv3hlmw:J8B9BcMsxIrMei6/5Cqvfm

Score
10/10
upxfalsecybergate

Malware Config

Extracted

Family

cybergate

Botnet

FALSE

C2

ÝØðÕÞÎÝÎÅý¼¼ûÙÈìÎÓßýØØÎÙÏϼ¼êÕÎÈÉÝÐìÎÓÈÙßȼ¼êÕÎÈÉÝÐýÐÐÓß¼¼êÕÎÈÉÝÐúÎÙÙ¼¼¼ùÄÕÈìÎÓßÙÏϼ¼¼ðÏÝÿÐÓÏÙ¼¼ÿÎÅÌÈéÒÌÎÓÈÙßÈøÝÈݼ¼ÿÓèÝÏ×ñÙÑúÎÙÙ¼¼¼ïÅÏúÎÙÙïÈÎÕÒÛ¼¼¼ìïÈÓÎÙÿÎÙÝÈÙõÒÏÈÝÒßÙ¼¼îÝÏùÒÉÑùÒÈÎÕÙÏý¼¼¼ïôûÙÈïÌÙßÕÝÐúÓÐØÙÎìÝÈÔý¼¼¼èÓýÏßÕÕ¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼ŸŸŸüŸŸŸŸFALSE

16

0

Test

Tester

TRUE

FALSE

ftp.server.com

./logs/

ftp_user

ªš÷Öº+Þ

21

30
Mutex

Attributes
  • enable_keylogger

    false

  • enable_message_box

    true

  • ftp_directory

    javaing

  • install_dir

    FALSE

  • install_file

    FALSE

  • install_flag

    false

  • keylogger_enable_ftp

    false

  • message_box_caption

    73c8ec8ce68b4c135a037821316868bc

  • message_box_title

    FALSE

  • password

    FALSE

  • regkey_hkcu

    TRUE

  • regkey_hklm

    explorer.exe

Signatures

  • Cybergate family
    cybergate
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Files

  • 5aa096f20f6d4cf0c64913d80c1681796fec351b6657a54cd9c79ee3a7ee5881
    .exe windows x86


    Headers

    Sections

  • out.upx
    .exe windows x86


    Headers

    Sections