General

  • Target

    e068b2f3d4846a8414cb6428e2ccbd553aedf4cd98e97d154ca9f5ec46fb511d

  • Size

    276KB

  • MD5

    0349f9f326f53a17645ff9e54e7ffb00

  • SHA1

    28d411435c003e398ea44b81b55649f0f10a6997

  • SHA256

    e068b2f3d4846a8414cb6428e2ccbd553aedf4cd98e97d154ca9f5ec46fb511d

  • SHA512

    a3e5d8bbd61d6642eba170d83d285021d2e1e7879f6681d9b177972ef715f4061c4c60016c88b2bc89bd059b08c2d55b38f4caa05916857871532f3670409e22

  • SSDEEP

    6144:P4ABF94TpAuO/50BTnqPd0Mpz7qhh4nXjjf8MZ9BKXK1:AUJGLE0kuGnESB1

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

remote

C2

127.0.0.1:81

presumecoupable.no-ip.biz:81

Mutex

7777A5E0R4Y387

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    system.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    1

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM
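
The extracted configuration above is only useful once it is turned into indicators you can actually hunt for. The script below is an added example for this page, not code from the sandbox or from any CyberGate tooling: it parses a constructed copy of the Malware Config block (same flattened layout as shown above), separates the C2 entries into actionable ones and placeholders (the 127.0.0.1:81 entry cannot be observed on the wire and is dropped rather than blocklisted), tags the no-ip.biz host as dynamic DNS so it is hunted by name in DNS logs rather than by IP, and collects the host artefacts (mutex, relative install path, injected process, keylogger flag). The dynamic-DNS suffix list is an assumption for illustration, and the install path is kept relative because the report does not give the root directory the RAT installs under.

```python
"""Turn the CyberGate config block above into actionable IOCs.

Added example for this page; it is not part of the sandbox report or of
any CyberGate tooling. CONFIG_TEXT is a constructed copy of the
'Malware Config' block shown above, kept in the same flattened layout.
"""
import ipaddress
from dataclasses import dataclass

CONFIG_TEXT = """
Family
cybergate
Version
v1.04.8
Botnet
remote
C2
127.0.0.1:81
presumecoupable.no-ip.biz:81
Mutex
7777A5E0R4Y387
Attributes
  • enable_keylogger
    true
  • injected_process
    explorer.exe
  • install_dir
    install
  • install_file
    system.exe
  • install_flag
    true
"""

# Top-level headings used by the report's config block.
SCALAR_SECTIONS = {"Family", "Version", "Botnet", "Mutex"}
# Dynamic-DNS suffixes commonly abused by commodity RATs (assumption: an
# illustrative list, not an authoritative one).
DDNS_SUFFIXES = ("no-ip.biz", "no-ip.org", "ddns.net", "zapto.org", "hopto.org")


def parse_config(text: str) -> dict:
    """Parse the flattened key/value layout into a dict.

    Scalar sections map to a single string, 'C2' to a list, and the
    bulleted 'Attributes' block to a nested dict.
    """
    cfg = {"c2": [], "attributes": {}}
    section = None
    attr_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SCALAR_SECTIONS or line in ("C2", "Attributes"):
            section = line
            continue
        if section == "Attributes":
            if line.startswith("•"):
                attr_key = line.lstrip("• ")
            elif attr_key is not None:
                cfg["attributes"][attr_key] = line
        elif section == "C2":
            cfg["c2"].append(line)
        elif section in SCALAR_SECTIONS:
            cfg[section.lower()] = line
    return cfg


@dataclass
class Iocs:
    network: list   # (host, port, kind) entries worth blocking or hunting
    dropped: list   # (host, port, reason) entries that are not actionable
    host: dict      # artefacts to look for on an endpoint


def derive_iocs(cfg: dict) -> Iocs:
    network, dropped = [], []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        port = int(port)
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # A hostname: a dynamic-DNS name should be hunted in DNS logs,
            # since the IP behind it can change at any time.
            kind = "dynamic-dns" if host.endswith(DDNS_SUFFIXES) else "domain"
            network.append((host, port, kind))
            continue
        if addr.is_loopback:
            # 127.0.0.1 cannot be observed on the wire; blocking it is noise.
            dropped.append((host, port, "loopback placeholder"))
        else:
            network.append((host, port, "ip"))

    attrs = cfg["attributes"]
    install_path = None
    if attrs.get("install_flag") == "true":
        # The report gives only the relative directory and file name; the
        # root the RAT installs under is not in the extracted config.
        install_path = attrs["install_dir"] + "\\" + attrs["install_file"]
    host_iocs = {
        "mutex": cfg.get("mutex"),
        "install_path": install_path,
        "injected_process": attrs.get("injected_process"),
        "keylogger": attrs.get("enable_keylogger") == "true",
    }
    return Iocs(network, dropped, host_iocs)


if __name__ == "__main__":
    iocs = derive_iocs(parse_config(CONFIG_TEXT))
    print("network:", iocs.network)
    print("dropped:", iocs.dropped)
    print("host:", iocs.host)
```

Run stand-alone it prints the three groups; in practice the `network` list feeds DNS and proxy hunting (match the no-ip.biz name, not a resolved IP), the `host` dict feeds endpoint checks for the mutex, a `system.exe` under an `install` directory, and code injected into explorer.exe, and the `dropped` list documents why the loopback entry was left out of any blocklist.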

Signatures

Files

  • e068b2f3d4846a8414cb6428e2ccbd553aedf4cd98e97d154ca9f5ec46fb511d
    .exe windows x86
