General

  • Target

    c33323db8653046683f3817af2544f79ece5e5b43196063a2efd7717f7d5ed28

  • Size

    474KB

  • MD5

    058555a25db11208a6b549abf07b2de8

  • SHA1

    f681a860a8f6af6848f53b550dc4e878b8c8a7b4

  • SHA256

    c33323db8653046683f3817af2544f79ece5e5b43196063a2efd7717f7d5ed28

  • SHA512

    a39c135a640ec56ca9f56f5242280fec72f7953cf6d3fd23c93db4bd852fb1726e921bec7441209b4a4687c98cb0e0c53256894f442d59f7dcec4a98419bd46c

  • SSDEEP

    12288:qp92sTnqlgKvEek7qaWqXT+JyUZpKl+N/D9Eyq+DZCNqcohG:kHTqlDvE3EKyJvKl4rGy7Z5caG

Score
10/10

Malware Config

Extracted

Family

cybergate

Botnet

TRUE

C2

ÝØðÕÞÎÝÎÅý¼¼ûÙÈìÎÓßýØØÎÙÏϼ¼êÕÎÈÉÝÐìÎÓÈÙßȼ¼êÕÎÈÉÝÐýÐÐÓß¼¼êÕÎÈÉÝÐúÎÙÙ¼¼¼ùÄÕÈìÎÓßÙÏϼ¼¼ðÏÝÿÐÓÏÙ¼¼ÿÎÅÌÈéÒÌÎÓÈÙßÈøÝÈݼ¼ÿÓèÝÏ×ñÙÑúÎÙÙ¼¼¼ïÅÏúÎÙÙïÈÎÕÒÛ¼¼¼ìïÈÓÎÙÿÎÙÝÈÙõÒÏÈÝÒßÙ¼¼îÝÏùÒÉÑùÒÈÎÕÙÏý¼¼¼ïôûÙÈïÌÙßÕÝÐúÓÐØÙÎìÝÈÔý¼¼¼èÓýÏßÕÕ¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼N1-488S-68HY1WEP5P24}

cfmon

TRUE

64

0

Metin2 Hileleri 2012

Hileyi Çalýþtýrmak Ýçin Metin2'den Çýkmanýz Gerekir.

FALSE

ftp.server.com

./logs/

ftp_user

ªš÷Öº+Þ

21

30

Mutex

Attributes
  • enable_keylogger

    false

  • enable_message_box

    true

  • install_dir

    TRUE

  • install_file

    TRUE

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    TRUE

  • message_box_title

    TRUE

  • password

    TRUE

  • regkey_hkcu

    TRUE

  • regkey_hklm

    TRUE

Signatures

  • Cybergate family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

Files

  • c33323db8653046683f3817af2544f79ece5e5b43196063a2efd7717f7d5ed28
    .exe windows x86

  • out.upx
    .exe windows x86