cybergate | 45c0472a286507b2a2307d9747f666da0e2438499e561dd4bb011413b271574d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45c0472a286507b2a2307d9747f666da0e2438499e561dd4bb011413b271574d
Size

461KB
MD5

045180ebb6b8c5ee0b13b909011cd819
SHA1

7b15d36a171e9bce3a42439be9177c057cb610d7
SHA256

45c0472a286507b2a2307d9747f666da0e2438499e561dd4bb011413b271574d
SHA512

cf8f15c90a89ab8c4dcd26b24f69592b93059fd09a8d26d9cc66771ca83388a00cafe841197e0e277020f499835a39fcbb1de683826950e35005f8176e319d58
SSDEEP

6144:1mcD66RK5JGmrpQsK3RD2u270jupCJsCxCMIiS2:wcD66VZ2zkPaCxrS2

Score

10^/10

upx vítima cybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

tare-hacker.no-ip.biz:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
ftp_password
ª÷Öº+Þ
ftp_port
21
ftp_server
ftp.server.com
ftp_username
ftp_user
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
true
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

Cybergate family
cybergate

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

45c0472a286507b2a2307d9747f666da0e2438499e561dd4bb011413b271574d
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE