cybergate | 8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7 | Triage

Sharing

General

Target

8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7
Size

177KB
Sample

221130-mf75qabh36
MD5

ba97763ef9562d99b096c79a50744a0f
SHA1

0acfd485ffb71e1c1d34ca539b4b0b694c8c3c00
SHA256

8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7
SHA512

9444de046edebbe1b1187dd4aa0b598a548d45d8498eb5bde7d6fe7543b8d2733df87236ab7c6af93f28f0fbb4d8bd68ef47682465980d091c1b53c34bde637c
SSDEEP

3072:PATpuydVEOyqGnlqxIl4ZgBKhdOhbYCkW7E/Zuuke0Ey:POpslFlqbhdBCkWYxuukx

Score

10^/10

cybergate dylan

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Dylan

C2

dyland.no-ip.biz:82

Mutex

6V3A2A2JL2BQN1

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7
- Size
  
  177KB
- MD5
  
  ba97763ef9562d99b096c79a50744a0f
- SHA1
  
  0acfd485ffb71e1c1d34ca539b4b0b694c8c3c00
- SHA256
  
  8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7
- SHA512
  
  9444de046edebbe1b1187dd4aa0b598a548d45d8498eb5bde7d6fe7543b8d2733df87236ab7c6af93f28f0fbb4d8bd68ef47682465980d091c1b53c34bde637c
- SSDEEP
  
  3072:PATpuydVEOyqGnlqxIl4ZgBKhdOhbYCkW7E/Zuuke0Ey:POpslFlqbhdBCkWYxuukx
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2