General
-
Target
aed40ec23c4190ea48d89c1c8e785bfbb8eb77e0d85d254ff2a970a40caafcf3
-
Size
277KB
-
MD5
560245a59d713d352728a91dd5e4cfee
-
SHA1
46193ef2dbe66da438c8ea030113f80fcd07a823
-
SHA256
aed40ec23c4190ea48d89c1c8e785bfbb8eb77e0d85d254ff2a970a40caafcf3
-
SHA512
78565370a811fbaa73adfe25b4a46bc52f53cf0fcee624f6c0d2e7274defe7aeb4662be02504c03e9601848337147b3aea378d21ac5246e98fd54cdf3dbb2c3c
-
SSDEEP
6144:/yuMwiLdfj2m7mrUsqWBn837FNldObO3k1jZ:quMww2m77sZB07FxObO32N
Score
10/10
Malware Config
Extracted
Family
cybergate
Version
v3.4.2.2
Botnet
hacked
C2
127.0.0.1:81
Mutex
55G0E75OYETX08
Attributes
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Windir
-
install_file
svchsot.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
(The system cannot find the file specified. (0x80070002)
-
message_box_title
Error
-
password
crack
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
Files
-
aed40ec23c4190ea48d89c1c8e785bfbb8eb77e0d85d254ff2a970a40caafcf3
Headers
Sections