General

  • Target

    d568d806301bd08594ee43bc1a0f64116e60e2f9ff6feac380b714d3c8bb7fd0

  • Size

    281KB

  • MD5

    a38418d791a4c917dc15f8956bac6f8e

  • SHA1

    c83d84198b9ea2efb0057d677bfc98c956ee7f58

  • SHA256

    d568d806301bd08594ee43bc1a0f64116e60e2f9ff6feac380b714d3c8bb7fd0

  • SHA512

    0646ca6d101bd582c8fa041ae3b41af8604a1d6f2ea5d245c1d253e43dd4e6a35564021cc0f17098bc80875b50c966a9fc6b2b2cf7ae9e25fc898bada887f1c1

  • SSDEEP

    6144:+y+ph6TwlTIBgFUQ23QIKPhzD61+XEQY48T:7+pM0lIBgMAfN214lO

Score
10/10

Malware Config

Extracted

  • Family

    cybergate

  • Version

    v1.11.0

  • Botnet

    zp chips!!!

  • C2

    boykanyon.no-ip.biz:8777

    boykanyon.no-ip.biz:4500

  • Mutex

    D78725XPJV32T6

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    update.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Unable to run in this windows

  • message_box_title

    Error

  • password

    cybergate

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM


Files

  • d568d806301bd08594ee43bc1a0f64116e60e2f9ff6feac380b714d3c8bb7fd0
    .exe windows x86

