cybergate | 749e49f7ddd5586adb6e57f3e0c1e6c6

General

Target

749e49f7ddd5586adb6e57f3e0c1e6c6
Size

230KB
MD5

749e49f7ddd5586adb6e57f3e0c1e6c6
SHA1

6280139f2901f0be8e0b2b81ef20db3d8c20d8e0
SHA256

a0e4d1b19d87bec39ae5cd92d8b96a938686f2d1e0fc923a239a640874ad2db4
SHA512

4bc1898400ffe1dbcc2248f753fa787e2b5b650f247c5b0df455237f1b39f9e584ef8387652fadd2b86c7f214e78bd8cc4e36eacd3714f05bed1ce12c53811d4
SSDEEP

3072:DiG9l4EHj7b1SU7eItPPjtq0svSojstQ9xae1h8geqF/f9DG2FWHJMfXdDv0B95:lJ5SU7eICYo5xFh8geqRf9hFWHqs

Score

10^/10

sil cybergate

Malware Config

Extracted

Family

cybergate

Version

2.2.3

Botnet

sil

C2

solitario1.no-ip.biz:7575

solitario1.no-ip.biz:7450

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
TASKMGR.EXE
install_dir
install
install_file
ser.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
GRANADA

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
749e49f7ddd5586adb6e57f3e0c1e6c6

Files

749e49f7ddd5586adb6e57f3e0c1e6c6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 44KB - Virtual size: 44KB

DATA Size: 1024B - Virtual size: 540B

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 177KB - Virtual size: 197KB

CODE
Size: 44KB - Virtual size: 44KB

DATA
Size: 1024B - Virtual size: 540B

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 177KB - Virtual size: 197KB