cybergate | 40fc7c2aafe74a99c4293167ab7e851bf979ac2168e6acca194a2efbb5d61994 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40fc7c2aafe74a99c4293167ab7e851bf979ac2168e6acca194a2efbb5d61994
Size

70KB
Sample

221030-whmfgadfgn
MD5

83529dad6634add8fb3c5ae5a2bc9bd0
SHA1

6b234c347c16b1429472dfe5a1477e03148f6f75
SHA256

40fc7c2aafe74a99c4293167ab7e851bf979ac2168e6acca194a2efbb5d61994
SHA512

9e11cd1e1576fab8aa4906ca170d3003941786a93674cfb4db602db306a20e91d2493a30833ddd01031f76ff694b6efa424cffb7c05b7b4351604073c8fa2374
SSDEEP

1536:d3CdGlce3i8g/g0AJnVHHn3tCnkgVQrc+:RiGl1it/5AJnVnn3t4PVk

Score

10^/10

cybergate client

Malware Config

Extracted

Family

cybergate

Version

v1.05.1

Botnet

client

C2

127.0.0.1:999

Mutex

4RU7SKV1AU78H6

Attributes

enable_keylogger
false
enable_message_box
true
ftp_directory
./htdocs/
ftp_interval
30
ftp_password
197346825
ftp_port
21
ftp_server
ftp.0fees.net
ftp_username
fees0_13119641
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
true
message_box_caption
This is not a valid System32 file 0x84769426. For solutions contact the software provider or go to www.hackfbin1min.com.
message_box_title
Error 537:
password
aman

Targets

- Target
  
  40fc7c2aafe74a99c4293167ab7e851bf979ac2168e6acca194a2efbb5d61994
- Size
  
  70KB
- MD5
  
  83529dad6634add8fb3c5ae5a2bc9bd0
- SHA1
  
  6b234c347c16b1429472dfe5a1477e03148f6f75
- SHA256
  
  40fc7c2aafe74a99c4293167ab7e851bf979ac2168e6acca194a2efbb5d61994
- SHA512
  
  9e11cd1e1576fab8aa4906ca170d3003941786a93674cfb4db602db306a20e91d2493a30833ddd01031f76ff694b6efa424cffb7c05b7b4351604073c8fa2374
- SSDEEP
  
  1536:d3CdGlce3i8g/g0AJnVHHn3tCnkgVQrc+:RiGl1it/5AJnVnn3t4PVk
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

clientcybergate

behavioral1

behavioral2