cybergate | ab2339e2349f9246bd16df94d81d4ab059381d155f9ef5611a37a516d0b86ba8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab2339e2349f9246bd16df94d81d4ab059381d155f9ef5611a37a516d0b86ba8
Size

336KB
MD5

47fe753ab747fc6bbebd26f4702c9ad4
SHA1

751fb42b894c7988ff6e8b46b5332cfe85f3dcb9
SHA256

ab2339e2349f9246bd16df94d81d4ab059381d155f9ef5611a37a516d0b86ba8
SHA512

d643facf7a29e964a386aa431d3bff202e6057d37ed87e403ed679293c784a7b879d00785fa64afe4739cb7ef0e5c72a5b4b1c349e39dbba988a62d278cf2948
SSDEEP

6144:+4ABFVpAuO/50BTnqPd0Mpz7qhh4nXjjf8MZ9BKXKaIz9+:1UMGLE0kuGnESB

Score

10^/10

upx victim cybergate

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

Victim

C2

inextremi5.zapto.org:10235

Mutex

3T181O72UP6JI5

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
WindowsLogin
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
x9732w
regkey_hkcu
WindowsShell
regkey_hklm
WindowsLogin

Signatures

Cybergate family
cybergate

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

ab2339e2349f9246bd16df94d81d4ab059381d155f9ef5611a37a516d0b86ba8
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE