General

  • Target

    a057268eefcc3eda24aebc1509e18131ca3c4c00c108d1c14ea19eca20f9ae6a

  • Size

    628KB

  • MD5

    4a9a3d8e8e08fad798c864910498b4e8

  • SHA1

    4819cb1f265895568b3777569c82308b10e9e6b8

  • SHA256

    a057268eefcc3eda24aebc1509e18131ca3c4c00c108d1c14ea19eca20f9ae6a

  • SHA512

    03f3e3fd8ec41ee8350f24c612d84b083e5f9a11192c8df45e8ea94e264e0c30cc9bdf7af3c3beda541fde7902ac6cbcfd4123d3fa1726a4471466b727a6cf0a

  • SSDEEP

    6144:N4ABFcdCdZLL3pAuO/50BTnyZsSaXhh4XAS79hO9R0O91FG+:WU6GLyWSKaAS79MEqfG

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.05.1

Botnet

NERA

C2

ayarbaban.no-ip.biz:83

Mutex

S04Q23AF4N877G

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_title

    Error

  • password

    1234567

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Files

  • a057268eefcc3eda24aebc1509e18131ca3c4c00c108d1c14ea19eca20f9ae6a
    .exe windows x86

