General
-
Target
ad5ab1e09e7e8b287e405dc01cd870e45c4fcb97901e068e220eec8fba36228f
-
Size
885KB
-
Sample
221030-r48tdafgdk
-
MD5
a2dc5be65f6dc775deb38a17e7e5a8d4
-
SHA1
373531df9c61a613db545177dbf36afa8c9fc7a4
-
SHA256
ad5ab1e09e7e8b287e405dc01cd870e45c4fcb97901e068e220eec8fba36228f
-
SHA512
453b8b1e89162d378770f8cf27b7e317ea6127904ad5374eb5dc28ba22a9e0646da5f7de4c74908b368cb433cfa283f1e7123c5874ec61a62cde829fb35f8306
-
SSDEEP
12288:SQ5VpzCiEIT0dTQTdC83jdcYwn/D29VfWZsP5zHOPeZy1:rrp2YgTROiV/D29405Zy
Malware Config
Extracted
cybergate
v3.4.2.2
new
sexxpower.no-ip.biz:85
sexx.no-ip.info:85
sexxpower.no-ip.biz:110
sexx.no-ip.info:110
R8CXXT264E72G5
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
ad5ab1e09e7e8b287e405dc01cd870e45c4fcb97901e068e220eec8fba36228f
-
Size
885KB
-
MD5
a2dc5be65f6dc775deb38a17e7e5a8d4
-
SHA1
373531df9c61a613db545177dbf36afa8c9fc7a4
-
SHA256
ad5ab1e09e7e8b287e405dc01cd870e45c4fcb97901e068e220eec8fba36228f
-
SHA512
453b8b1e89162d378770f8cf27b7e317ea6127904ad5374eb5dc28ba22a9e0646da5f7de4c74908b368cb433cfa283f1e7123c5874ec61a62cde829fb35f8306
-
SSDEEP
12288:SQ5VpzCiEIT0dTQTdC83jdcYwn/D29VfWZsP5zHOPeZy1:rrp2YgTROiV/D29405Zy
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-