cybergate | a8fb3410319437822de96b1e46ef490f6b0785559b54fdae71e6f16371ae9b27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8fb3410319437822de96b1e46ef490f6b0785559b54fdae71e6f16371ae9b27
Size

490KB
MD5

91a30aabc86925f73ad708bd15c9742a
SHA1

7b89b1d2a3abf7f801cc050e5cccaec809782d32
SHA256

a8fb3410319437822de96b1e46ef490f6b0785559b54fdae71e6f16371ae9b27
SHA512

b96be169df97c3b32128aeb18214f16fd35f9a0c597bffdc6e5cd0a6bed2ef8ae7dc29d4c7f68532819c9018e0f2780945be77f67599a54860545c3c8078eae0
SSDEEP

12288:EcD66FeKgQnEb+D5LfV13ycYOndm5cUG+2BtT8VMbc2:EargQ/tfVDYmdmN2vT8W5

Score

10^/10

upx vítima cybergate

Malware Config

Extracted

Family

cybergate

Version

2.7 Beta 02

Botnet

vítima

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234

Signatures

Cybergate family
cybergate

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

a8fb3410319437822de96b1e46ef490f6b0785559b54fdae71e6f16371ae9b27
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE