General

  • Target

    a23a970d7b7ccd53ef094c03e6276ec979e3a0cc72dd3a5e894a62f77e3482f4

  • Size

    296KB

  • Sample

    221030-g4yy3agebl

  • MD5

    934b1a799a262bbc72836e1f2f7d1d30

  • SHA1

    2d42b79af5995e929dbd64a4b80315611f261ca2

  • SHA256

    a23a970d7b7ccd53ef094c03e6276ec979e3a0cc72dd3a5e894a62f77e3482f4

  • SHA512

    d3941a7d7d79b956f8198e2a8bb5aa0f93e58b7f19459c744a57b0d8c48d2ce4012c51571f04b1e40d3584afcf0ccc9b459eb3580f5910e063cc3b95e1f00c85

  • SSDEEP

    6144:/OpslFlqohdBCkWYxuukP1pjSKSNVkq/MVJbB:/wslXTBd47GLRMTbB

Malware Config

Extracted

  • Family

    cybergate

  • Version

    v1.07.5

  • Botnet

    Vaflis

  • C2

    Waflis404.no-ip.biz:100

  • Mutex

    0KYRNGIPE3AJ4C

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Error - Couldn see your ports at 100

  • message_box_title

    Soft Ror

  • password

    123456

Targets

    • Target

      a23a970d7b7ccd53ef094c03e6276ec979e3a0cc72dd3a5e894a62f77e3482f4

    • Size

      296KB

    • MD5

      934b1a799a262bbc72836e1f2f7d1d30

    • SHA1

      2d42b79af5995e929dbd64a4b80315611f261ca2

    • SHA256

      a23a970d7b7ccd53ef094c03e6276ec979e3a0cc72dd3a5e894a62f77e3482f4

    • SHA512

      d3941a7d7d79b956f8198e2a8bb5aa0f93e58b7f19459c744a57b0d8c48d2ce4012c51571f04b1e40d3584afcf0ccc9b459eb3580f5910e063cc3b95e1f00c85

    • SSDEEP

      6144:/OpslFlqohdBCkWYxuukP1pjSKSNVkq/MVJbB:/wslXTBd47GLRMTbB

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Loads dropped DLL

    • Drops file in System32 directory
