General

  • Target

    9e04fc2a311228e4ac32df2297fb978bd7cf7a24fcacfacf022cb816c80b0822

  • Size

    276KB

  • MD5

    8275f013fdba29c4bc20a0176abe589c

  • SHA1

    bea67b969107ae055ee32a335584e49704c3c536

  • SHA256

    9e04fc2a311228e4ac32df2297fb978bd7cf7a24fcacfacf022cb816c80b0822

  • SHA512

    47e70cafa98d01dc6e013a97ed8a8d7637a9573e67aa506676ffbc535ab1ca76303045ce2913ab8a5f1c03603b57be57cb78b45a870443a8001a6671589a76e8

  • SSDEEP

    6144:mk4qmJTcCTDOn5G3gtERKAfgsVz6zvt8PnMt8+13kfjqPZ:Z9qc5GwalIsVa8vwkfjq

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

cakal076.zapto.org

C2

cakal076.zapto.org:81

Mutex

4H8E3GBWF

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    cakal076.zapto

Signatures

  • Cybergate family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

Files

  • 9e04fc2a311228e4ac32df2297fb978bd7cf7a24fcacfacf022cb816c80b0822
    .exe windows x86

  • out.upx
    .exe windows x86