General

  • Target

    f5d3d3ba311953c28c95f4ba028057e0821a24b30941bb4e9e2cfb4e138cfa71

  • Size

    277KB

  • MD5

    542ab21c0b1b35315a6d0aa8f6909ead

  • SHA1

    d5418ebf1dae3abec4c9dedbb7bbc3aa48091e81

  • SHA256

    f5d3d3ba311953c28c95f4ba028057e0821a24b30941bb4e9e2cfb4e138cfa71

  • SHA512

    b50d4c555239443a74523e1b475d10ac91722168ab24851be5b54b144a2851e7b482e2995f1ba41a575eb43f8d55de5257138b4d83314524a45ab1bd86295301

  • SSDEEP

    6144:/yuMwiLdft2m7mrUsqWBn837FNldObO3k1jt:quMwm2m77sZB07FxObO32J

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

PoTae

C2

potae.no-ip.info:81

Mutex

337N034UB05S83

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    cybergate

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

Files

  • f5d3d3ba311953c28c95f4ba028057e0821a24b30941bb4e9e2cfb4e138cfa71
    .exe windows x86