General
-
Target
4904cc967662ae3c5918343d09562f3f1b942cf5196ff0d5b59c07601809fb36
-
Size
167KB
-
MD5
7472b01be790555d93b6409fd1527d50
-
SHA1
853919b939243b188531bcb61dbcc379964b67c5
-
SHA256
4904cc967662ae3c5918343d09562f3f1b942cf5196ff0d5b59c07601809fb36
-
SHA512
e14ca36570789c6341951c68f6b291636c7c616e60798523efb61df98c42c2eb5e4706de34c7b49ebf29bd63a1059162accf15ac5b40359e9ed21df84e3170f6
-
SSDEEP
3072:uvisDdya6C1XV4mCCgYgG+Z3iVAHzYKvydZOAWpZ2gWp3aKpYQgB9i:ujya6C1XV4iMiVAHVvyitpZ29lbgB
Malware Config
Extracted
cybergate
FALSE
ÝØðÕÞÎÝÎÅý¼¼ûÙÈìÎÓßýØØÎÙÏϼ¼êÕÎÈÉÝÐìÎÓÈÙßȼ¼êÕÎÈÉÝÐýÐÐÓß¼¼êÕÎÈÉÝÐúÎÙÙ¼¼¼ùÄÕÈìÎÓßÙÏϼ¼¼ðÏÝÿÐÓÏÙ¼¼ÿÎÅÌÈéÒÌÎÓÈÙßÈøÝÈݼ¼óÐÙõÒÕÈÕÝÐÕÆÙ¼¼¼ïÅÏúÎÙÙïÈÎÕÒÛ¼¼¼ìïÈÓÎÙÿÎÙÝÈÙõÒÏÈÝÒßÙ¼¼îÝÏùÒÉÑùÒÈÎÕÙÏý¼¼¼ïôûÙÈïÌÙßÕÝÐúÓÐØÙÎìÝÈÔý¼¼¼ÿÔÝÎòÙÄÈý¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼install
server.exe
{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}
FALSE
16
0
Rover12421µÄÎʺò
ÕâÊÇÀ´×ÔÓÚRover12421µÄÎʺò£¡
TRUE
ftp.server.com
./logs/
ftp_user
ª÷Ö???û4
21
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
f1c7326fe92e0ecdffe407e8fe289a31
-
install_dir
FALSE
-
install_file
FALSE
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
FALSE
-
message_box_title
explorer.exe
-
password
FALSE
-
regkey_hkcu
FALSE
-
regkey_hklm
FALSE
Signatures
-
Cybergate family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
Files
-
4904cc967662ae3c5918343d09562f3f1b942cf5196ff0d5b59c07601809fb36
Headers
Sections
-
out.upx
Headers
Sections