General

  • Target

    f0506d88c5ca1b8a03fff27be7c0bb8889a124e295943ed179a03a12950a6031

  • Size

    413KB

  • MD5

    d843ccebf6f348216e35cf29b7162a1e

  • SHA1

    63a31b4544239c664e2862d180f21465f4182f17

  • SHA256

    f0506d88c5ca1b8a03fff27be7c0bb8889a124e295943ed179a03a12950a6031

  • SHA512

    08ea1d6e857046e54bfa50825284b8e806db51d9bf592e7b6184c94f868e107ca14156f10f9c3e8253d80545163b7cb97fc65b06ce2cadacb9690b42122b9e57

  • SSDEEP

    12288:6jEjuxeVp5eAtpVxag1bvgEL6NdC62kVk:6jSuxetN1bYEK2j

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.03.0

Botnet

ÖÍíÉ

C2

hasan.no-ip.info:81

skypekhasssn128.no-ip.info:81

Mutex

556J47148E4P5Q

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    12356

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Files

  • f0506d88c5ca1b8a03fff27be7c0bb8889a124e295943ed179a03a12950a6031
    .exe windows x86

