cybergate | 6d2cef638430da535bf1fe7ace212b9f7230eeb5d795d1dc0878762a053282c4 | Triage

Sharing

General

Target

6d2cef638430da535bf1fe7ace212b9f7230eeb5d795d1dc0878762a053282c4
Size

689KB
MD5

7a8ee23b2405a6a6cc7810ccd56890b8
SHA1

e83c8a5ecc04091d443ae22666b6b4d10bd7f179
SHA256

6d2cef638430da535bf1fe7ace212b9f7230eeb5d795d1dc0878762a053282c4
SHA512

049b43b69e813849627c6a742928d51b769e2b47b71c9aa02a3065ea7c2702cb89f89e31f4f029868d124ce3b5361a3ced2cdc3596aa2512a52dae9111ac9057
SSDEEP

12288:jcD66kQ4dLOSwCDfJqlE6uGiGSAlVLuBRzXA2oAMHVB66EYAUTS9D/ksSzQR:jvLtwCc26uGi2VCHXSBzTaDMsAQR

Score

10^/10

upx vítima cybergate

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

vítima

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234

Signatures

Cybergate family
cybergate

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

6d2cef638430da535bf1fe7ace212b9f7230eeb5d795d1dc0878762a053282c4
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE