General

  • Target

    090c0709850040f2b923b54e74e636d4

  • Size

    281KB

  • MD5

    090c0709850040f2b923b54e74e636d4

  • SHA1

    77b9bbc8d72507a77377cccf3bb7921073f1df57

  • SHA256

    7bf6b439608723e616a5c5c8f472577d30a846a1f8f5b7e2ede15b1892bd9978

  • SHA512

    49f0515193c766c85f7564b84f1814b86340d00aec737636e3ea05608a271f9b966780ea436dfcb152d7cc0a05c1bc22832cb079153304c348bc4c505a6d3e1b

  • SSDEEP

    6144:ey+phtTwlTLfkixFUQKf3D7TnBAZ5qhbx5:b+pf0lYixsfvDBAzK95

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.11.0 - Public Version

Botnet

Lynx

C2

pgkrat.no-ip.org:5150

Mutex

0L51IM5ID777YR

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    WindowsUpdate

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    An error occured.

  • message_box_title

    Error

  • password

    54s3bx

  • regkey_hklm

    WindowsUpdate
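The extracted configuration above gives everything needed to hunt for this build on a host or in telemetry: the C2 hostname and port, the mutex, the drop directory and filename, the HKLM value name used for persistence, and the process it injects into. The following Python is an added example (not part of the sandbox report or the CyberGate sample) that turns those values into concrete indicators and runs them over a few constructed Sysmon-style event records. The event field names, the assumption that `regkey_hklm` is a value under a `CurrentVersion\Run` key, and the assumption that `install_dir` is relative to a system or user directory are all mine, not statements from the report.

```python
"""Hunting checks derived from the CyberGate config extracted above.

Added example, not part of the sandbox report. Event records and their field
names are constructed to resemble Sysmon-style telemetry (an assumption).
"""

# Indicator values copied from the extracted configuration on this page.
CYBERGATE_CONFIG = {
    "c2": "pgkrat.no-ip.org:5150",
    "mutex": "0L51IM5ID777YR",
    "install_dir": "WindowsUpdate",
    "install_file": "server.exe",
    "regkey_hklm": "WindowsUpdate",
    "injected_process": "explorer.exe",
}


def build_indicators(cfg):
    """Turn the raw config into concrete host/network artifacts to look for."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        # install_dir is given relative, so match on the tail of the image
        # path rather than a fixed root (assumption about where it is dropped).
        "image_tail": (cfg["install_dir"] + "\\" + cfg["install_file"]).lower(),
        # Assumed to be the value name under an HKLM ...\CurrentVersion\Run key.
        "run_value": cfg["regkey_hklm"].lower(),
        "injected_target": cfg["injected_process"].lower(),
    }


def match_event(event, ind):
    """Return the indicator names this one event hits (empty list if clean)."""
    hits = []
    kind = event.get("type")
    if kind == "dns" and event.get("query", "").lower() == ind["c2_host"]:
        hits.append("c2_dns")
    if (kind == "netconn" and event.get("dst_port") == ind["c2_port"]
            and event.get("dst_host", "").lower() == ind["c2_host"]):
        hits.append("c2_conn")
    if kind == "process" and event.get("image", "").lower().endswith(ind["image_tail"]):
        hits.append("install_path")
    if kind == "registry":
        key = event.get("key", "").lower()
        if "\\currentversion\\run\\" in key and key.endswith("\\" + ind["run_value"]):
            hits.append("run_key")
    if kind == "mutex" and event.get("name") == ind["mutex"]:
        hits.append("mutex")
    if kind == "inject" and event.get("target", "").lower().endswith(ind["injected_target"]):
        hits.append("injection_target")
    return hits


def scan(events, cfg=CYBERGATE_CONFIG):
    """Run every event through the indicators; yields (event index, hit name)."""
    ind = build_indicators(cfg)
    return [(i, h) for i, e in enumerate(events) for h in match_event(e, ind)]


# Constructed sample telemetry: six events that should fire, two that should not.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "pgkrat.no-ip.org"},
    {"type": "netconn", "dst_host": "PGKRAT.no-ip.org", "dst_port": 5150},
    {"type": "process", "image": "C:\\Windows\\System32\\WindowsUpdate\\server.exe"},
    {"type": "registry",
     "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdate"},
    {"type": "mutex", "name": "0L51IM5ID777YR"},
    {"type": "inject", "source": "server.exe", "target": "C:\\Windows\\explorer.exe"},
    {"type": "dns", "query": "update.microsoft.com"},
    {"type": "process", "image": "C:\\Windows\\System32\\svchost.exe"},
]

if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {hit}")
```

The mutex and the HKLM value name are the most build-specific of these indicators; the C2 is a dynamic-DNS name and the drop path is a generic-looking directory, so on their own they merit a lower-confidence alert than the mutex or the combination of several hits from the same host.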

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 090c0709850040f2b923b54e74e636d4
    .exe windows:4 windows x86 arch:x86