General
-
Target
5350ee759ff31bd0b188d1068c3ecd6b34bf70be174f726f33d711e5b6f9e877
-
Size
328KB
-
Sample
221205-qxw1kaec73
-
MD5
39c358ee0daff93638ea38c734848529
-
SHA1
bf6f1de85e6207965652e479358d1d1f36828526
-
SHA256
5350ee759ff31bd0b188d1068c3ecd6b34bf70be174f726f33d711e5b6f9e877
-
SHA512
6ac711de8ec69a7b617de438459676a296167efa4660a5f5bb2f592f6b6dde5b37fb7c8b7c01b6d2f6b77f58a2d66c8ccab34b279bf295bf165c98fa10bc6261
-
SSDEEP
6144:Gk4qmaTavTMT4o1C5apw64ZRBW9KcKfVuD+0IP+4xFIKFA:59jZ1uddc2ADy+5a
Malware Config
Extracted
cybergate
2.6
TEST
127.0.0.1:81
satohack.zapto.org:81
bluelightning.zapto.org:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Telnetdll
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
tÃtulo da mensagem
-
password
abcd1234
-
regkey_hkcu
Windows
-
regkey_hklm
Windows
Targets
-
-
Target
5350ee759ff31bd0b188d1068c3ecd6b34bf70be174f726f33d711e5b6f9e877
-
Size
328KB
-
MD5
39c358ee0daff93638ea38c734848529
-
SHA1
bf6f1de85e6207965652e479358d1d1f36828526
-
SHA256
5350ee759ff31bd0b188d1068c3ecd6b34bf70be174f726f33d711e5b6f9e877
-
SHA512
6ac711de8ec69a7b617de438459676a296167efa4660a5f5bb2f592f6b6dde5b37fb7c8b7c01b6d2f6b77f58a2d66c8ccab34b279bf295bf165c98fa10bc6261
-
SSDEEP
6144:Gk4qmaTavTMT4o1C5apw64ZRBW9KcKfVuD+0IP+4xFIKFA:59jZ1uddc2ADy+5a
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-