General

  • Target

    6dec8a7a5dd5665f5dbaa858e90381e42193641c62a28a60c94a707404ac1f2a

  • Size

    469KB

  • MD5

    45d85c5004e7315605f490060b516180

  • SHA1

    f933120f9171e1212e77a47efd47f6ac96bfcbc2

  • SHA256

    6dec8a7a5dd5665f5dbaa858e90381e42193641c62a28a60c94a707404ac1f2a

  • SHA512

    704281d066707472686e84c0c1e88aa438408464a72e7dff772429cc120954e1ff05a190779714926f2203d789cba99a8454a3761c01c3dd6333f9e777ce14a5

  • SSDEEP

    6144:rOpslUlqMhdBCkWYxuukP1pjSKSNVkq/MVJbyQZXVNjTczq87OnlJZRTZzGywuKg:rwslSTBd47GLRMTbNZXjjIB703IywuKg

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Server

C2

cobrablack.no-ip.biz:8080

sarajesica.redirectme.net:200

Mutex

X2J33O885YF0NC

Attributes
  • enable_keylogger

    false

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    12345

  • regkey_hklm

    HKLM

Signatures

Files

  • 6dec8a7a5dd5665f5dbaa858e90381e42193641c62a28a60c94a707404ac1f2a
    .exe windows x86

