cybergate | 2af9efd6ba1ac16729d30f17df7fc5263a55bf805d07bc247247c8ab8f926e89

General

Target

2af9efd6ba1ac16729d30f17df7fc5263a55bf805d07bc247247c8ab8f926e89
Size

345KB
MD5

903442b1b6cb06cbdaea2ba2b03a3e20
SHA1

fa6ee2b6b20f85b51bee2f8e03d6d42539b7903f
SHA256

2af9efd6ba1ac16729d30f17df7fc5263a55bf805d07bc247247c8ab8f926e89
SHA512

09daf64fe3f73e2df0733100db4fd57c7ccf202062fe53c2a2071f8ba648fe0b29477286f5f82dd3124238c6eaaec6462fb56a4cbc293013ef4794d349d10297
SSDEEP

6144:pmcD66Rv5JGmrpQsK3RD2u270jupCJsCxC3IR7N80b:scD66QZ2zkPaCxdr

Score

10^/10

upx engenharia cybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ENGENHARIA

C2

viva-la-vida.ddns.net:81

viva-la-vida.ddns.net:82

viva-la-vida.ddns.net:83

viva-la-vida.ddns.net:84

lkss.ddns.net:81

lkss.ddns.net:82

lkss.ddns.net:83

lkss.ddns.net:84

lkss.ddns.net:800

lkss.ddns.net:900

lkss.ddns.net:999

lkss.ddns.net:1000

wesleylucasz.ddns.net:81

wesleylucasz.ddns.net:82

wesleylucasz.ddns.net:83

wesleylucasz.ddns.net:84

wesleylucasz.ddns.net:800

wesleylucasz.ddns.net:900

wesleylucasz.ddns.net:999

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
explorer.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Virus MAGMA removido Computador 100%
message_box_title
MaGmA
password
123
regkey_hkcu
Win32
regkey_hklm
Win32

Signatures

Cybergate family
cybergate

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

2af9efd6ba1ac16729d30f17df7fc5263a55bf805d07bc247247c8ab8f926e89
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: 68KB - Virtual size: 68KB

UPX1 Size: 272KB - Virtual size: 272KB

.rsrc Size: 4KB - Virtual size: 4KB

UPX0
Size: 68KB - Virtual size: 68KB

UPX1
Size: 272KB - Virtual size: 272KB

.rsrc
Size: 4KB - Virtual size: 4KB