cybergate | 956-71-0x0000000000200000-0x0000000000271000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

956-71-0x0...ry.exe

windows7-x64

1

956-71-0x0...ry.exe

windows10-2004-x64

1

Sharing

Static task

static1

remote cybergate

1 signatures

Behavioral task

behavioral1

Sample

956-71-0x0000000000200000-0x0000000000271000-memory.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

956-71-0x0000000000200000-0x0000000000271000-memory.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

956-71-0x0000000000200000-0x0000000000271000-memory.dmp
Size

452KB
MD5

8dd8b9b932429b82b36739cdee16b8f8
SHA1

edbb4195650d190221b3e3d786bcedbb71d58d0e
SHA256

3f18239ed49c840b7ac9a02165e4b053ce58f5408b8288cef5f2ef18a819e925
SHA512

0e4259a2a7e34f1d01d833e9cfc39c9be0a51c082602dceb305b4457dfd7c709bcfe7b5acb42140f0db2c2fdff5e35daed1c7e33f187c53bf7deb1c597d52155
SSDEEP

12288:FuMwQBi8vvrHxVPKyv2m77sZB07FxObO32:FHwx8vrx52t07FQa

Score

10^/10

remote cybergate

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

remote

C2

asade.no-ip.org:25565

Mutex

6V0GC234T62RSO

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
injected_process
explorer.exe
install_dir
system
install_file
windows
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Signatures

Cybergate family
cybergate

Files

956-71-0x0000000000200000-0x0000000000271000-memory.dmp
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy