cybergate | ce722927a8c23050d9448815207a988acb7ebefe0a4f7ffc8786f38ce56fed98 | Triage

Sharing

General

Target

876-72-0x0000000000400000-0x0000000000455000-memory.dmp
Size

340KB
Sample

240306-nvw7faaa3v
MD5

786fc0201208f7e2778ca7ae58464e8d
SHA1

c4b7006d51986657981fc6ca700fc6bb4136d648
SHA256

ce722927a8c23050d9448815207a988acb7ebefe0a4f7ffc8786f38ce56fed98
SHA512

e3fe3e0d1facf0ab4bd3609ef83004d81695f3d39715952061560825fb1fca5be7fd4882cb82af70247a5b666f86aee513bdb0df93472c7d0a8baf1718289efc
SSDEEP

6144:U+mcD66R15JGmrpQsK3RD2u270jupCJsCxCwI5qoD:ocD66aZ2zkPaCxu

Score

10^/10

cybergate server upx

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Server

C2

abgx.duckdns.org:1212

abgx.duckdns.org:80

abgx.duckdns.org:1445

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
svchst
install_file
VIPHACK4.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
123

Targets

- Target
  
  876-72-0x0000000000400000-0x0000000000455000-memory.dmp
- Size
  
  340KB
- MD5
  
  786fc0201208f7e2778ca7ae58464e8d
- SHA1
  
  c4b7006d51986657981fc6ca700fc6bb4136d648
- SHA256
  
  ce722927a8c23050d9448815207a988acb7ebefe0a4f7ffc8786f38ce56fed98
- SHA512
  
  e3fe3e0d1facf0ab4bd3609ef83004d81695f3d39715952061560825fb1fca5be7fd4882cb82af70247a5b666f86aee513bdb0df93472c7d0a8baf1718289efc
- SSDEEP
  
  6144:U+mcD66R15JGmrpQsK3RD2u270jupCJsCxCwI5qoD:ocD66aZ2zkPaCxu
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

upxservercybergate

behavioral1

behavioral2