General

  • Target

    3d99bc9b650dfee8d756974847b32177.exe

  • Size

    283KB

  • MD5

    3d99bc9b650dfee8d756974847b32177

  • SHA1

    2a961714a9f554db4b5d1b26d51fc9ca574daf13

  • SHA256

    faa75a44efb600d11df1fea1f23e66d396ee0bf5ce11112187d077ce36adc7d6

  • SHA512

    7b056ddc6472dbad6e58bb89d59f1101a0f344cf94527519efaf6ced7d18428cf54d642594d684564cc0a5bb8c9e8e5c6e0a26b4f1b2f32a117acf52f73611f5

  • SSDEEP

    6144:t4ABF94c0pAuO/50BTnqPd0Mpz7qhh4nXjjf8MZ9BKXKT:2UjGLE0kuGnESBT

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

cyber

C2

jonevansphotography.co.uk:100

Mutex

FQB416H3XJ62M1

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    windir

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    qwerty

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3d99bc9b650dfee8d756974847b32177.exe
    .exe windows:4 windows x86 arch:x86
    Headers

    Sections