General

  • Target

    e7dd8e14c7aa606bd8fc9420ed3fac2169d05e30c28adede2ee1a0911d928142

  • Size

    198KB

  • MD5

    420f962a84846fc16bb5ea89ce632be7

  • SHA1

    9234aa229bc6540ce99ca4dd3c139c3a18231fac

  • SHA256

    e7dd8e14c7aa606bd8fc9420ed3fac2169d05e30c28adede2ee1a0911d928142

  • SHA512

    7cf70347311a96c88a02d7231fac4159e33359380e59ad783cd766d3ba0e346a4349d654f0d1cc823aa73cecd1c6f979c7a46fa930bd3c9a9a479c0bfb75658a

  • SSDEEP

    3072:ZiG9l4CUKsJNWEx9beItPPjtq0svSa51sH4fdJ+KQSJNSY/ne7N:DAKsJNj3beICYa51T3VnUN

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

2.2

Botnet

vítima

C2

127.0.0.1:81

Mutex

prince

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    prince

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Signatures

Files

  • e7dd8e14c7aa606bd8fc9420ed3fac2169d05e30c28adede2ee1a0911d928142
    .exe windows x86

