General

  • Target: 8681b4a7163da7296c4b511d584c374a602a2e40f3858b414ca002a7b3075613
  • Size: 296KB
  • MD5: 45a88786fd40cd27d9752ecc7625a5c6
  • SHA1: 43446e362beb21518feb15192daeaf1887940118
  • SHA256: 8681b4a7163da7296c4b511d584c374a602a2e40f3858b414ca002a7b3075613
  • SHA512: b0c8ea1a3ffb181b750c585372dfb3eba5c7097caf64d3e821760bfe9f50326c6e6500918d8f9999215efc79cb64adb9cef81ab5dd45410a69c65231c0f5dcb2
  • SSDEEP: 6144:POpslFlqGhdBCkWYxuukP1pjSKSNVkq/MVJbF:PwslpTBd47GLRMTbF

Score
10/10

Malware Config

Extracted

  • Family: cybergate
  • Version: v1.07.5
  • Botnet: khan007
  • C2: janbaba.no-ip.org:87
  • Mutex: 8T1842SX5FW4LH

Attributes

  • enable_keylogger: true
  • enable_message_box: false
  • ftp_directory: ./logs/
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: install
  • install_file: server.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: Remote Administration anywhere in the world.
  • message_box_title: CyberGate
  • password: 123456
  • regkey_hkcu: HKCU
  • regkey_hklm: HKLM

Signatures

Files

  • 8681b4a7163da7296c4b511d584c374a602a2e40f3858b414ca002a7b3075613 (.exe, windows x86)