General

  • Target

    613d5cae09392206d71b21e0ad032c62d8631c52b4d3c0ab58a42a1b9796d544

  • Size

    264KB

  • MD5

    084271b27380d2a6a585a37f87516cb3

  • SHA1

    d24f663bed966b43a2d00082ff809f0c19b5bd0c

  • SHA256

    613d5cae09392206d71b21e0ad032c62d8631c52b4d3c0ab58a42a1b9796d544

  • SHA512

    c2bc4651c968803efcd0f3a6201b4e38ad7091778712d1eee841660e7b6c9e04c92eeb077d78ad79ba9fff7a970336a277da16e751707d44a79fad48edbce3c0

  • SSDEEP

    6144:Gi3V9Xe9L8OKX1Vb1B1YicEe9Bo17RLSG8EnSiAa:39vVFVFTcEe9eBD/lA

Score
10/10

Malware Config

Extracted

Family

cybergate

Botnet

TRUE

C2

ÝØðÕÞÎÝÎÅý¼¼ûÙÈìÎÓßýØØÎÙÏϼ¼êÕÎÈÉÝÐìÎÓÈÙßȼ¼êÕÎÈÉÝÐýÐÐÓß¼¼êÕÎÈÉÝÐúÎÙÙ¼¼¼ùÄÕÈìÎÓßÙÏϼ¼¼ðÏÝÿÐÓÏÙ¼¼ÿÎÅÌÈéÒÌÎÓÈÙßÈøÝÈݼ¼ÿÓèÝÏ×ñÙÑúÎÙÙ¼¼¼ïÅÏúÎÙÙïÈÎÕÒÛ¼¼¼ìïÈÓÎÙÿÎÙÝÈÙõÒÏÈÝÒßÙ¼¼îÝÏùÒÉÑùÒÈÎÕÙÏý¼¼¼ïôûÙÈïÌÙßÕÝÐúÓÐØÙÎìÝÈÔý¼¼¼èÓýÏßÕÕ¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼1GL-31P706238FV8}

The value above is not a C2 address. The bytes are XOR-encoded with the single-byte key 0xBC (the repeated ¼, byte 0xBC, decodes to the NUL separators), and the NUL-separated strings are import names: the tail of LoadLibraryA, then GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree and ExitProcess (the UPX stub's own imports), followed by LsaClose, CryptUnprotectData, CoTaskMemFree, SysFreeString, PStoreCreateInstance, RasEnumEntriesA, SHGetSpecialFolderPathA and ToAscii, the one import per DLL that UPX keeps for the packed payload. The plain-ASCII fragment 1GL-31P706238FV8} after the NUL padding is not encoded and is cut off at its start. The report therefore contains no recoverable C2 host or port for this sample.

HKLM

HKCU

TRUE

16

0

.Net Framework Error

.Net Framework 4.12 is required to run this program.

FALSE

ftp.server.com

./logs/

ftp_user

ªš÷Öº+Þ

21

30

Mutex

Attributes
  • enable_keylogger

    false

  • enable_message_box

    true

  • install_dir

    TRUE

  • install_file

    TRUE

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    TRUE

  • message_box_title

    TRUE

  • password

    FALSE

  • regkey_hkcu

    TRUE

  • regkey_hklm

    TRUE

Signatures

  • Cybergate family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.
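The UPX signature above fires on packing artifacts in the PE. The following is an added example (mine, not the sandbox's signature logic) that parses a PE section table and reports three such artifacts: the UPX0/UPX1/UPX2 section names, a first section that is empty on disk but large in memory (UPX0, which the stub decompresses into), and the UPX! pack-header marker, which survives when a modified UPX renames its sections. The sample itself is not on the page, so the three PE images here are constructed in the script; build_pe and its layout are my own.

```python
# Added example, not part of the sandbox report: UPX packing indicators for a PE.
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"  # start of the UPX pack header written by the stock packer


def parse_sections(pe: bytes):
    """Minimal PE section-table parser (DOS header -> e_lfanew -> COFF -> sections)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize,
                         "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return sections


def upx_indicators(pe: bytes):
    """Return the list of UPX artifacts found, in a fixed order."""
    secs = parse_sections(pe)
    hits = []
    if {s["name"] for s in secs} & UPX_SECTION_NAMES:
        hits.append("upx_section_names")
    # UPX0 is reserved in memory but has no raw data: decompression target.
    if secs and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0:
        hits.append("empty_first_section")
    if UPX_MAGIC in pe:
        hits.append("upx_magic")
    return hits


def is_upx_packed(pe: bytes) -> bool:
    try:
        return bool(upx_indicators(pe))
    except (ValueError, struct.error):  # not a PE or truncated header
        return False


def build_pe(section_names, include_magic: bool, empty_first: bool) -> bytes:
    """Construct a minimal PE image (my own test fixture, no optional header)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    secs = b""
    for i, name in enumerate(section_names):
        rawsize = 0 if (i == 0 and empty_first) else 0x1000
        secs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x10000,
                            0x1000 * (i + 1), rawsize, 0x400 * i, 0, 0, 0, 0, 0xE0000080)
    tail = (UPX_MAGIC + b"\x0d\x09\x02\x0a") if include_magic else b"\0" * 8
    return dos + b"PE\0\0" + coff + secs + b"\0" * 16 + tail


# Constructed samples: stock UPX, a modified UPX with renamed sections, and a plain PE.
STOCK_UPX = build_pe([b"UPX0", b"UPX1", b".rsrc"], include_magic=True, empty_first=True)
RENAMED_UPX = build_pe([b".text", b".data", b".rsrc"], include_magic=True, empty_first=True)
NOT_PACKED = build_pe([b".text", b".data", b".rsrc"], include_magic=False, empty_first=False)

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", NOT_PACKED)):
        print(f"{label:8s} {upx_indicators(img)}")
```

On a real file, run this over the on-disk sample and again over the out.upx image the sandbox produced: the unpacked copy should lose the empty first section and the section names, which is a quick sanity check that the unpacker actually ran.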

Files

  • 613d5cae09392206d71b21e0ad032c62d8631c52b4d3c0ab58a42a1b9796d544
    .exe windows x86



  • out.upx
    .exe windows x86

