cybergate | 331462e26ebb1bcc7bc0800b52b4ec376024c9221e853ac22f09b1bd9fb2320b | Triage

Sharing

General

Target

331462e26ebb1bcc7bc0800b52b4ec376024c9221e853ac22f09b1bd9fb2320b
Size

217KB
Sample

221004-hsab1ageg7
MD5

5a9d79a675cef4f854ec59417406cf30
SHA1

cfafce667e44a5b6fbb6bdb73bf543dcb97fb982
SHA256

331462e26ebb1bcc7bc0800b52b4ec376024c9221e853ac22f09b1bd9fb2320b
SHA512

52d2e5bd99c461c9b002192ccca2fe2eb6140a87c6137f797114e40874ee486cd3353437824ab221de700fa6c8a57ddb3e508be0764cce13e2d7226efe7f87a1
SSDEEP

3072:PATpuydVEOyqGnlqxIl4ZyBKhdOhbYCkW7E/Zuuke0EEQwpXTBROniNKYHkno:POpslFlqJhdBCkWYxuukP1pjSKSo

Score

10^/10

cybergate 1

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

1

C2

94.102.0.56:82

Mutex

VE8548240R1EI6

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
1

Targets

- Target
  
  331462e26ebb1bcc7bc0800b52b4ec376024c9221e853ac22f09b1bd9fb2320b
- Size
  
  217KB
- MD5
  
  5a9d79a675cef4f854ec59417406cf30
- SHA1
  
  cfafce667e44a5b6fbb6bdb73bf543dcb97fb982
- SHA256
  
  331462e26ebb1bcc7bc0800b52b4ec376024c9221e853ac22f09b1bd9fb2320b
- SHA512
  
  52d2e5bd99c461c9b002192ccca2fe2eb6140a87c6137f797114e40874ee486cd3353437824ab221de700fa6c8a57ddb3e508be0764cce13e2d7226efe7f87a1
- SSDEEP
  
  3072:PATpuydVEOyqGnlqxIl4ZyBKhdOhbYCkW7E/Zuuke0EEQwpXTBROniNKYHkno:POpslFlqJhdBCkWYxuukP1pjSKSo
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2