cybergate | 2b541ce551764cda4ec19cf40a6d62a6[.]bin

General

Target

2b541ce551764cda4ec19cf40a6d62a6.bin
Size

367KB
MD5

cf51f45940c7dbb706664a0c8d1985ac
SHA1

f304e174db3c1855401e324bcf90c2a7f54e6602
SHA256

891e05de23d4258731d44f1c7531b7c9f435cb1820852e5b4f4241babbb33bc6
SHA512

1d2feda6e5b2339c98a9e38c165c91dadf18503457cb5395341a3afdc9308af22217b2ea5f7ff3a3c98e5600e8ce6fdc06a2a2e54693ac91ed58dc14cd68431f
SSDEEP

6144:8sWOGE5xeVe6oVHd5p5bbT+udxRohN5s7/S/d2VTlN7ivvCYwtY0Z/n5EcYh/awo:8DI5Is6o7LV3Tgs7q/IlMand/n5EBh/i

Score

10^/10

remote cybergate

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

remote

C2

127.0.0.1:999

127.0.0.1:81

Mutex

NCK75D3YUE7Y2D

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
svchost.exe
install_dir
hgf
install_file
hgf.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/269aff53e58f71f5893d6d4bb552e57ab3f56d8b797259f8ed9a3ffc18a295b4.exe

Files

2b541ce551764cda4ec19cf40a6d62a6.bin
.zip

Password: infected
269aff53e58f71f5893d6d4bb552e57ab3f56d8b797259f8ed9a3ffc18a295b4.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

Headers

File Characteristics

Sections

CODE Size: 35KB - Virtual size: 34KB

DATA Size: 512B - Virtual size: 292B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 385KB - Virtual size: 385KB

CODE
Size: 35KB - Virtual size: 34KB

DATA
Size: 512B - Virtual size: 292B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 385KB - Virtual size: 385KB