Overview

overview

10

Static

static

10

NEAS.57897...b0.exe

windows7-x64

10

NEAS.57897...b0.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NEAS.578971b28699c7e916c1b45090a892b0.exe

  • Size

    280KB

  • MD5

    578971b28699c7e916c1b45090a892b0

  • SHA1

    eba08aaa3f7630ac57642b54e4aa624dedf56e7b

  • SHA256

    0342a216028215a72b8d0732df463bfcbefb64e4b3ec0a238a0cf00ce93bf20c

  • SHA512

    b26f30dfe7dc591c00e6b029fbc1b7e04e97f6055d8213ccda10ff2d28aa3d709eacb5d2620eae1a22d7bca3da903309b69fb07fa758454070a8d6383a448560

  • SSDEEP

    6144:Qk4qm/v8znxGH6ZgrCIQELEUf0YHNkgbiCGtOlW:r9ikQ6+9whYHNwfO

Score
10/10
upxtruecybergate

Malware Config

Extracted

Family

cybergate

Botnet

TRUE

C2

ÝØðÕÞÎÝÎÅý¼¼ûÙÈìÎÓßýØØÎÙÏϼ¼êÕÎÈÉÝÐìÎÓÈÙßȼ¼êÕÎÈÉÝÐýÐÐÓß¼¼êÕÎÈÉÝÐúÎÙÙ¼¼¼ùÄÕÈìÎÓßÙÏϼ¼¼ðÏÝÿÐÓÏÙ¼¼ÿÎÅÌÈéÒÌÎÓÈÙßÈøÝÈݼ¼ÿÓèÝÏ×ñÙÑúÎÙÙ¼¼¼ïÅÏúÎÙÙïÈÎÕÒÛ¼¼¼ìïÈÓÎÙÿÎÙÝÈÙõÒÏÈÝÒßÙ¼¼îÝÏùÒÉÑùÒÈÎÕÙÏý¼¼¼ïôûÙÈïÌÙßÕÝÐúÓÐØÙÎìÝÈÔý¼¼¼èÓýÏßÕÕ¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼4X7745-WQW6-GR05-83C3-J2A4J26U82BY}

FALSE

16

0

t?tulo da mensagem

texto da mensagem

TRUE

ftp.server.com

./logs/

ftp_user

ªš÷Öº+Þ

21

30
Mutex

Attributes
  • enable_keylogger

    false

  • enable_message_box

    false

  • install_dir

    TRUE

  • install_file

    TRUE

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    TRUE

  • message_box_title

    TRUE

  • password

    TRUE

  • regkey_hkcu

    TRUE

  • regkey_hklm

    TRUE

Signatures

  • Cybergate family
    cybergate
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • NEAS.578971b28699c7e916c1b45090a892b0.exe
    .exe windows:4 windows x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86


    Headers

    Sections