cybergate | ef5b4c8fc34e1831b704ff723fa07439f50477be4f44fb86cf6f7b27c1a2e7ca | Triage

Sharing

General

Target

ef5b4c8fc34e1831b704ff723fa07439f50477be4f44fb86cf6f7b27c1a2e7ca
Size

353KB
MD5

5882e54188bc0696cf2dcb5e07423878
SHA1

e56bb12eb9b3eba526eeb8d1406b747e2f84a02e
SHA256

ef5b4c8fc34e1831b704ff723fa07439f50477be4f44fb86cf6f7b27c1a2e7ca
SHA512

9a95993a87fbc3262417ba9a44e976b64c7924ac03836199f59214574132e0add4f30391e707d1c31e5c518701afeff8fc002e912f5c910c42fb892235ae37d0
SSDEEP

6144:ZmcD66RM5JGmrpQsK3RD2u270jupCJsCxCMIV3wQC:8cD66vZ2zkPaCx+

Score

10^/10

upx öííé cybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

127.0.0.1:288

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
svchost.exe
install_file
windows.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Ur PC Has Been Hacked .. ÇáÍíÇÉ áíÓÊ ÌãíáÉ ÏæãÇð
message_box_title
IMPORTANT !!
password
abcd1234

Signatures

Cybergate family
cybergate

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

ef5b4c8fc34e1831b704ff723fa07439f50477be4f44fb86cf6f7b27c1a2e7ca
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE