General

  • Target: 4f3050c9dbf51aa1244930b6dc3177ae
  • Size: 281KB
  • MD5: 4f3050c9dbf51aa1244930b6dc3177ae
  • SHA1: b8790ccf69fece3c6217f11b3ca6d63b117ae7a8
  • SHA256: e749923dbe023102d99f2a473d96083a42c178f6ce8e9b9d3c2f4bc26059b2db
  • SHA512: 9209a83c97a1435decae71aeb161bfc24eb595fa3b921e7d3017427a4aa1db85605c40359f25910c8a97e0224bf87c21717f71386c0c1b32cf629e90b507850d
  • SSDEEP: 6144:ey+ph+TwlTLfkixFUQKf3D7TnBAZ5qhbxM:b+pA0lYixsfvDBAzK9M

Score: 10/10

Malware Config

Extracted

  • Family: cybergate
  • Version: v1.11.0 - Public Version
  • Botnet: remote
  • C2: daly00.no-ip.biz:81
  • Mutex: WBB85D3T1C7544

Attributes

  • enable_keylogger: true
  • enable_message_box: false
  • ftp_directory: ./logs
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: install
  • install_file: server.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: Remote Administration anywhere in the world.
  • message_box_title: CyberGate
  • password: 0000

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • 4f3050c9dbf51aa1244930b6dc3177ae (.exe; windows:4, windows, x86, arch:x86)
