General

  • Target: 8f61e0de09ac460beb5842975e7135db
  • Size: 1.4MB
  • MD5: 8f61e0de09ac460beb5842975e7135db
  • SHA1: 0155ccdb1940c1ca0b53642edb1a3f7ac01f8728
  • SHA256: 09f5a9eb1651a3155937d0087573b48de0f79907b7606ffc2e146c716a8acd95
  • SHA512: 520e99929c36acd006535b9b39d8aa00a6d50079613e7573beca7ca9a3cc12a327473b503f7c652a1244bf6f47471b5d1206971419661371ad565da51e4bfcda
  • SSDEEP: 24576:CslJakKY2A6hpHmm3fit34PXPcvuRB9WR0KQqRwUTL8KxVd0ARco2E8j0YUF1Xl1:Cs3KY2A6hpHmgfy5uRB9WR9QjKL8KxYm

Score: 10/10

Malware Config

Extracted

  • Family: cybergate
  • Version: v1.07.5
  • Botnet: 0wned
  • C2: n0name.zapto.org:3737
  • C2: n0name.zapto.org:64064
  • Mutex: 7KQKJ7533W5YY3

Attributes

  • enable_keylogger: false
  • enable_message_box: false
  • ftp_directory: ./logs/
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: WinUpdate32
  • install_file: update.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: Remote Administration anywhere in the world.
  • message_box_title: CyberGate
  • password: 0wned01
  • regkey_hkcu: HKCU
  • regkey_hklm: HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC): Checks for missing Authenticode signature.

Files

  • 8f61e0de09ac460beb5842975e7135db (.exe, windows:4, windows, x86, arch:x86)