General

  • Target: 6d98b8db564cb5daa7dabdf2c327942e
  • Size: 281KB
  • MD5: 6d98b8db564cb5daa7dabdf2c327942e
  • SHA1: 8173d6fcaee227dea78ad77e45882a3d2d70148b
  • SHA256: 6509fb34fa901348a5538b3fc96ecd4f3337fc177b20f8d675019571066aadf7
  • SHA512: 1559b4bade2aa6124b6d48b7edad0fa1a69f77a2f31905805807cdf30fb2cf3f2c112f71a5771f8ae6f80288adbc6f16ff039b085a3950f16e40f20fecaf3861
  • SSDEEP: 6144:FS5p9kHFVvXKkWbmHCSkM0qdrsQCfhaCvsqG4v1p0HbCtJ:Q3GFFnWb42MuQk2wp0HOtJ

Score
10/10

Malware Config

Extracted

  • Family: cybergate
  • Version: v1.20.11 - Trial
  • Botnet: mahfoud
  • C2: p2p4me.no-ip.org:999
  • Mutex: 708IA6U8SIY62E

Attributes

  • enable_keylogger: true
  • enable_message_box: false
  • ftp_directory: ./logs
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: install
  • install_file: server.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: Remote Administration anywhere in the world.
  • message_box_title: CyberGate
  • password: mahfoud

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 6d98b8db564cb5daa7dabdf2c327942e
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections