General
-
Target
d08e5ac4940c1fa02ac1e02f40a2d4d9824989aeb5aa5dcc02c20e77d3917f24
-
Size
372KB
-
Sample
221205-ftpf7sda9z
-
MD5
bf7ebf50d9ba184a5be612cf7bbc9970
-
SHA1
1e2beb2e30780e4a81d5e1de7e71e081704fd34e
-
SHA256
d08e5ac4940c1fa02ac1e02f40a2d4d9824989aeb5aa5dcc02c20e77d3917f24
-
SHA512
10da80adc93aa7b6c8a788d3c5afdf30d5675c5c597e4139ff021930ceb8a781a2e0f740e2c18bec784a6b7d24c404b92f7f064ee49e108eac5f48d28c5b3fec
-
SSDEEP
6144:AsFVptTEzuhnZaMSXIPoEShjSX3KYv4hNqPA1iZFl0JFvuWUNtV:A6VEKRk3lEsSnb4hNEKmFl0J9WNtV
Malware Config
Extracted
cybergate
v1.04.8
victima
juegosbuenos.no-ip.org:7777
juegosbuenos.no-ip.org:8888
JXA662P6726BS1
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
sys
-
install_file
svhost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Please try later
-
message_box_title
Error
-
password
willemsil
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
d08e5ac4940c1fa02ac1e02f40a2d4d9824989aeb5aa5dcc02c20e77d3917f24
-
Size
372KB
-
MD5
bf7ebf50d9ba184a5be612cf7bbc9970
-
SHA1
1e2beb2e30780e4a81d5e1de7e71e081704fd34e
-
SHA256
d08e5ac4940c1fa02ac1e02f40a2d4d9824989aeb5aa5dcc02c20e77d3917f24
-
SHA512
10da80adc93aa7b6c8a788d3c5afdf30d5675c5c597e4139ff021930ceb8a781a2e0f740e2c18bec784a6b7d24c404b92f7f064ee49e108eac5f48d28c5b3fec
-
SSDEEP
6144:AsFVptTEzuhnZaMSXIPoEShjSX3KYv4hNqPA1iZFl0JFvuWUNtV:A6VEKRk3lEsSnb4hNEKmFl0J9WNtV
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-