cybergate | eb71f462c91acd01d8e69236807db9823fd6ad9b7a1d778c5664d443b0ff9c78 | Triage

Sharing

General

Target

eb71f462c91acd01d8e69236807db9823fd6ad9b7a1d778c5664d443b0ff9c78
Size

113KB
Sample

221030-g4rvragear
MD5

a335b0a2aaff367ae7fa40dc801064bb
SHA1

d7c6f60d111e295351a152b5d628f2c96c40d505
SHA256

eb71f462c91acd01d8e69236807db9823fd6ad9b7a1d778c5664d443b0ff9c78
SHA512

68e7a43a150a0a5b5d7373e6b8ade1d01677782573f05b65df274fdfd35f9f09fc077d800185c0fee3d639faab36a4baddb9a68e406932b028b146b5f1b9946f
SSDEEP

1536:xuoATp+AW5oUEVWqX6nk59QFAqj4ulqxIl4ZryBcnxhCQOhjfY0KY:PATpuydVEOyqGnlqxIl4ZyBKhdOhbYY

Score

10^/10

cybergate 1

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

1

C2

94.102.0.56:82

Mutex

VE8548240R1EI6

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
1

Targets

- Target
  
  eb71f462c91acd01d8e69236807db9823fd6ad9b7a1d778c5664d443b0ff9c78
- Size
  
  113KB
- MD5
  
  a335b0a2aaff367ae7fa40dc801064bb
- SHA1
  
  d7c6f60d111e295351a152b5d628f2c96c40d505
- SHA256
  
  eb71f462c91acd01d8e69236807db9823fd6ad9b7a1d778c5664d443b0ff9c78
- SHA512
  
  68e7a43a150a0a5b5d7373e6b8ade1d01677782573f05b65df274fdfd35f9f09fc077d800185c0fee3d639faab36a4baddb9a68e406932b028b146b5f1b9946f
- SSDEEP
  
  1536:xuoATp+AW5oUEVWqX6nk59QFAqj4ulqxIl4ZryBcnxhCQOhjfY0KY:PATpuydVEOyqGnlqxIl4ZyBKhdOhbYY
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2