cybergate | a033dfb58965adeb505f0c01c59e8716f343e8cdd8922e9f378a97bd4122bcc0 | Triage

Submit
Reports

Overview

overview

Static

static

a033dfb589...c0.exe

windows7-x64

a033dfb589...c0.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

thecat cybergate

1 signatures

Behavioral task

behavioral1

Sample

a033dfb58965adeb505f0c01c59e8716f343e8cdd8922e9f378a97bd4122bcc0.exe

Resource

win7-20220901-en

cybergate thecat persistence stealer trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

a033dfb58965adeb505f0c01c59e8716f343e8cdd8922e9f378a97bd4122bcc0.exe

Resource

win10v2004-20220901-en

cybergate thecat persistence stealer trojan upx

windows10-2004-x64

18 signatures

150 seconds

General

Target

a033dfb58965adeb505f0c01c59e8716f343e8cdd8922e9f378a97bd4122bcc0
Size

658KB
MD5

3aa747a10700e3ef537f881d55a1ccd0
SHA1

f3a48a74639e1305ac1cc1fc01e546e4a28db87b
SHA256

a033dfb58965adeb505f0c01c59e8716f343e8cdd8922e9f378a97bd4122bcc0
SHA512

821073e836a899c7ec95d404f5cf7ae255c079c01420a7814d385e63f600691921966ecce9da5a42ac26c963b8b84332d0ec3fc0709bf96f81eb8ab1bbc103cd
SSDEEP

6144:TmcD66RWl0BiJTNyJBy5WQxmZr8u7lrfGIO0OkijKH5mG0JE5JGmrpQsK3RD2u22:qcD66BiocwB/RTo0OzxRZ2zkPaCxE0p

Score

10^/10

thecat cybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

TheCat

C2

213.198.32.90:81

213.198.32.90:1285

213.198.32.90:9283

213.198.32.90:2000

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
system.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
dog2004g
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

Cybergate family
cybergate

Files

a033dfb58965adeb505f0c01c59e8716f343e8cdd8922e9f378a97bd4122bcc0
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.telock
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pecrypt
Size: 519KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shield
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pestub
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy