cybergate | server[.]exe

General

Target

server.exe
Size

428KB
MD5

cd51ffa2aceadd97b91dca25a770039d
SHA1

58687d8807d28900f74cc87213b74b2ba1ba274a
SHA256

c4af8de8a61017c6e7f1371de2072b09b6b1eecc9df2deafbd7e26a6ab20d678
SHA512

e29766f08a4ccd2599de4898ce820c9bf98712c515cd6acac246b57bfa97296cf8356e59a8ab0524d63ca9efa2a705eb6140714c475ae0e857ebeb270e1b264f
SSDEEP

12288:BuMwpBi8vvrHxVPKyv2m77sZB07FxObO32J:BHwm8vrx52t07FQaE

Score

10^/10

remote cybergate

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

remote

C2

Sanael-30497.portmap.host:30497

Mutex

V18A00C01AP65P

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
Svchost
install_file
ProcessUnit.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
El programa no se puede iniciar porque falta el archivo api-ms-win-crt-runtime-l1-1-0.dll en el ordenador. Intente volver a instalar el programa para solucionar este problema
message_box_title
System.exe - System Error
password
cybergate
regkey_hklm
HKLM

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
server.exe

Files

server.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 35KB - Virtual size: 34KB

DATA Size: 512B - Virtual size: 292B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 386KB - Virtual size: 385KB

CODE
Size: 35KB - Virtual size: 34KB

DATA
Size: 512B - Virtual size: 292B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 386KB - Virtual size: 385KB