General

  • Target: d89116803c66920bfc2a286507c8becd675af259b42290babf2051ee637031bf
  • Size: 687KB
  • MD5: 9095f4129ebc67e492bc6800aa3d2179
  • SHA1: 3ed0e1675fac7a0e3db450c7a5aa7e0f4372dda8
  • SHA256: d89116803c66920bfc2a286507c8becd675af259b42290babf2051ee637031bf
  • SHA512: f8a742acdb933a83528944582f84900b1ada265a2bbe8c8f0c0418baca0fd42620168fd071da0323598f31efdd49584f1ff546ed7ffe61a656e28895239fc3a6
  • SSDEEP: 12288:WcD663fkpQ4dLOSwCDfJqlE6uGiGSAlVLuBRzXA2oAMHVB66EYAUTS9D/ksSzQRr:WkkDLtwCc26uGi2VCHXSBzTaDMsAQRr

Score
10/10

Malware Config

Extracted

  • Family: cybergate
  • Version: 2.7 Final
  • Botnet: philippe
  • C2: romain38.no-ip.org:81
  • Mutex: ***MUTEX***

Attributes

  • enable_keylogger: true
  • enable_message_box: true
  • ftp_directory: ./logs/
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: Windir
  • install_file: svchsot.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: La réinstallation de se logiciel peut résoudre les problemes.
  • message_box_title: Erreur System
  • password: 123
  • regkey_hkcu: HKCU
  • regkey_hklm: HKLM

Signatures

Files

  • d89116803c66920bfc2a286507c8becd675af259b42290babf2051ee637031bf (.exe, windows x86)