cybergate | 4d5e71e967c16d841cb2e3c68e4c40a18a7a26df2f19803534ca6b6c975a03da

General

Target

4d5e71e967c16d841cb2e3c68e4c40a18a7a26df2f19803534ca6b6c975a03da
Size

284KB
MD5

08b4ce123be88feb7981d49d0d765081
SHA1

cefbc2619aa359ff9e73d526cf8e4f384a3ab600
SHA256

4d5e71e967c16d841cb2e3c68e4c40a18a7a26df2f19803534ca6b6c975a03da
SHA512

51349e4e4526c0b8e7dd66f93cdb167e705f81471ce099d3c3752995532d3b6bacfe2551b4f448898860863af13dfa92ad53f7100b3b38be3afcb91bb02d154d
SSDEEP

6144:bmcD66RRjW5JGmrpQsK3FD2u270jupCJsCxCU:CcD663v92zkPaCxn

Score

10^/10

point blank cybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Point Blank

C2

ambotv18.no-ip.org:81

ambotv18.no-ip.org:82

ambotv18.no-ip.org:80

ambotv18.no-ip.org:4000

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Microsoft
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
123
regkey_hkcu
System
regkey_hklm
System32

Signatures

Cybergate family
cybergate

Files

4d5e71e967c16d841cb2e3c68e4c40a18a7a26df2f19803534ca6b6c975a03da
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 44KB - Virtual size: 44KB

DATA Size: 1024B - Virtual size: 544B

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 231KB - Virtual size: 230KB

CODE
Size: 44KB - Virtual size: 44KB

DATA
Size: 1024B - Virtual size: 544B

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 231KB - Virtual size: 230KB