General

  • Target

    2af9efd6ba1ac16729d30f17df7fc5263a55bf805d07bc247247c8ab8f926e89

  • Size

    345KB

  • MD5

    903442b1b6cb06cbdaea2ba2b03a3e20

  • SHA1

    fa6ee2b6b20f85b51bee2f8e03d6d42539b7903f

  • SHA256

    2af9efd6ba1ac16729d30f17df7fc5263a55bf805d07bc247247c8ab8f926e89

  • SHA512

    09daf64fe3f73e2df0733100db4fd57c7ccf202062fe53c2a2071f8ba648fe0b29477286f5f82dd3124238c6eaaec6462fb56a4cbc293013ef4794d349d10297

  • SSDEEP

    6144:pmcD66Rv5JGmrpQsK3RD2u270jupCJsCxC3IR7N80b:scD66QZ2zkPaCxdr

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ENGENHARIA

C2

viva-la-vida.ddns.net:81

viva-la-vida.ddns.net:82

viva-la-vida.ddns.net:83

viva-la-vida.ddns.net:84

lkss.ddns.net:81

lkss.ddns.net:82

lkss.ddns.net:83

lkss.ddns.net:84

lkss.ddns.net:800

lkss.ddns.net:900

lkss.ddns.net:999

lkss.ddns.net:1000

wesleylucasz.ddns.net:81

wesleylucasz.ddns.net:82

wesleylucasz.ddns.net:83

wesleylucasz.ddns.net:84

wesleylucasz.ddns.net:800

wesleylucasz.ddns.net:900

wesleylucasz.ddns.net:999

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    explorer.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Virus MAGMA removido Computador 100%

  • message_box_title

    MaGmA

  • password

    123

  • regkey_hkcu

    Win32

  • regkey_hklm

    Win32

Signatures

  • Cybergate family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

Files

  • 2af9efd6ba1ac16729d30f17df7fc5263a55bf805d07bc247247c8ab8f926e89
    .exe windows x86


    Headers

    Sections