cybergate | 16aae43f5e77fe6ead4d6ad466d0bd84

General

Target

16aae43f5e77fe6ead4d6ad466d0bd84
Size

63KB
MD5

16aae43f5e77fe6ead4d6ad466d0bd84
SHA1

47ca09a13075b5ac5e90e52a9447dde57178c04f
SHA256

42c22f4018c05a1723ee86c7d32544c00d1a761b94a7ca94e2edec0195b0c1cd
SHA512

fe2b1daba57ca53cd6529f08c6c63b42a1c9b049e692ff4efa1bd5c29945f8c617806f2b1496ea4a2e846318661ee92ea259831c262d8bb3a66761789930f8c7
SSDEEP

768:BmpM8lRGb8sXmJ8az+KpSbJLYuerBpcY4qTXlXrPL2xj0e1TKENIRWVO+6EXBmN2:BaztSaz+KpSmtRX97CmATKlRmXBmN3/e

Score

10^/10

remote cybergate

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

remote

C2

creed.zapto.org:11000

192.168.1.2:11000

creed.myftp.org:11000

Mutex

08C8666KEIC770

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
web
install_file
scvhosts.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
becool
regkey_hkcu
HKCU

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16aae43f5e77fe6ead4d6ad466d0bd84

Files

16aae43f5e77fe6ead4d6ad466d0bd84
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 37KB - Virtual size: 36KB

DATA Size: 512B - Virtual size: 292B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 237KB - Virtual size: 236KB

CODE
Size: 37KB - Virtual size: 36KB

DATA
Size: 512B - Virtual size: 292B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 237KB - Virtual size: 236KB