General

  • Target

    401ec0be84c7decacf67fefc6dbc2cb6bdc812562c9d3b90ab66e6ccbbf30c8d

  • Size

    296KB

  • MD5

    f25c9205b16cb287bc205a711a9d4df1

  • SHA1

    9c6951843cde3a685cfa42a284a5a5db26cdd492

  • SHA256

    401ec0be84c7decacf67fefc6dbc2cb6bdc812562c9d3b90ab66e6ccbbf30c8d

  • SHA512

    1d327c1cf6bd12acc59bc6c32e7d71f799d3cc934d0b10e7486ebddc3f995f6523ab20a39b265ba8d62f507c5d6bab6e11a2fa6ebae234a10234fe3b06bfb5f6

  • SSDEEP

    6144:POpslFlqehdBCkWYxuukP1pjSKSNVkq/MVJbB:PwslvTBd47GLRMTbB

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

ee41

C2

ee41.no-ip.info:100

Mutex

A572H3TDFC5M55

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    taskmgr.exe

  • install_dir

    WinDir

  • install_file

    Svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    r4r4r4

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

Files

  • 401ec0be84c7decacf67fefc6dbc2cb6bdc812562c9d3b90ab66e6ccbbf30c8d
    .exe windows x86