General

  • Target

    c4e3ebded14ce2279769baa5fe201ced

  • Size

    290KB

  • Sample

    240313-ebfkxaca6t

  • MD5

    c4e3ebded14ce2279769baa5fe201ced

  • SHA1

    8b087e50e1f324dbcd079051efe15d0b73da06f4

  • SHA256

    76fbf91c89725bd0b32ddb8a19b1e115ddd7672732b9f54d1c15216ff0b84315

  • SHA512

    b818b0df35abb909928354f0c994bcf4d71a334997570e6ab7e0a60294b4a9a06cb08dff4be83b365cab12b293ee42149abe8d34d3b8c19851c4006b4a382dd5

  • SSDEEP

    6144:qmcD66RRjU5JGmrpQsK3RD2u270jupCJsCxCW:fcD663BZ2zkPaCx/

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima (Portuguese for "victim")

C2

mr-falcon.dyndns.biz:81

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    good.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

texto da mensagem (Portuguese for "message text")

  • message_box_title

título da mensagem (Portuguese for "message title")

  • password

    abcd1234
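The extracted configuration above is directly usable for host and network detection. As an added example (not part of this report or of the analysis platform's tooling), the script below turns the page's config values into indicators and checks them against a handful of constructed Sysmon-style events (EventID 1 process creation, 3 network connection, 8 CreateRemoteThread, 22 DNS query). The event records, the `%AppData%` parent of `install\good.exe`, and the process paths are assumptions made for the example; the config does not state where the install directory is rooted, so the matcher only checks the `install\good.exe` path suffix.

```python
from __future__ import annotations

from dataclasses import dataclass

# Config values as extracted on this page (CyberGate 2.6 sample).
CYBERGATE_CONFIG = {
    "c2": "mr-falcon.dyndns.biz:81",
    "mutex": "***MUTEX***",
    "injected_process": "explorer.exe",
    "install_dir": "install",
    "install_file": "good.exe",
    "install_flag": True,
    "enable_keylogger": True,
    "keylogger_enable_ftp": False,
}


@dataclass(frozen=True)
class Indicators:
    c2_host: str
    c2_port: int
    mutex: str
    injected_process: str
    install_dir: str
    install_file: str


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' into (host, port); host is lower-cased for matching."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host.lower(), int(port)


def indicators_from_config(cfg: dict) -> Indicators:
    host, port = parse_c2(cfg["c2"])
    return Indicators(
        c2_host=host,
        c2_port=port,
        mutex=cfg["mutex"],
        injected_process=cfg["injected_process"].lower(),
        install_dir=cfg["install_dir"].lower(),
        install_file=cfg["install_file"].lower(),
    )


def match_event(ev: dict, ind: Indicators) -> list[str]:
    """Return the reasons a single Sysmon-style event matches the indicators."""
    hits: list[str] = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation: payload started from <install_dir>\<install_file>
        image = ev.get("Image", "").lower()
        if image.endswith(f"\\{ind.install_dir}\\{ind.install_file}"):
            hits.append(f"installed payload executed: {ev['Image']}")
    elif eid == 3:  # network connection to the configured C2 host:port
        host = ev.get("DestinationHostname", "").lower()
        if host == ind.c2_host and int(ev.get("DestinationPort", 0)) == ind.c2_port:
            hits.append(f"C2 connection to {ind.c2_host}:{ind.c2_port}")
    elif eid == 8:  # CreateRemoteThread into the configured injection target
        target = ev.get("TargetImage", "").lower()
        if target.endswith(f"\\{ind.injected_process}"):
            hits.append(f"remote thread into {ind.injected_process} from {ev.get('SourceImage')}")
    elif eid == 22:  # DNS query for the C2 domain
        if ev.get("QueryName", "").lower() == ind.c2_host:
            hits.append(f"DNS resolution of C2 domain {ind.c2_host}")
    return hits


def scan(events: list[dict], ind: Indicators) -> list[tuple[int, str]]:
    """Run every event through match_event and return (event index, reason) pairs."""
    return [(i, reason) for i, ev in enumerate(events) for reason in match_event(ev, ind)]


# Constructed events for the example; paths and parent directory are assumptions.
DROPPER = r"C:\Users\lab\Downloads\c4e3ebded14ce2279769baa5fe201ced.exe"
PAYLOAD = r"C:\Users\lab\AppData\Roaming\install\good.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPER, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": PAYLOAD, "ParentImage": DROPPER},
    {"EventID": 8, "SourceImage": PAYLOAD, "TargetImage": r"C:\Windows\explorer.exe"},
    {"EventID": 22, "Image": r"C:\Windows\explorer.exe", "QueryName": "mr-falcon.dyndns.biz"},
    {"EventID": 3, "Image": r"C:\Windows\explorer.exe",
     "DestinationHostname": "mr-falcon.dyndns.biz", "DestinationPort": 81},
    {"EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationHostname": "update.example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_EVENTS, indicators_from_config(CYBERGATE_CONFIG)):
        print(f"event {idx}: {reason}")
```

The mutex `***MUTEX***` is kept in `Indicators` for completeness but is not matched here, because Sysmon does not log mutex creation; it is best checked with a live handle enumeration of the injected `explorer.exe`. Note that the first event (the dropper itself) does not match: the config describes the installed copy, so the original filename is only useful as a hash-based indicator.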

Targets

    • Target

      c4e3ebded14ce2279769baa5fe201ced

    • Size

      290KB

    • MD5

      c4e3ebded14ce2279769baa5fe201ced

    • SHA1

      8b087e50e1f324dbcd079051efe15d0b73da06f4

    • SHA256

      76fbf91c89725bd0b32ddb8a19b1e115ddd7672732b9f54d1c15216ff0b84315

    • SHA512

      b818b0df35abb909928354f0c994bcf4d71a334997570e6ab7e0a60294b4a9a06cb08dff4be83b365cab12b293ee42149abe8d34d3b8c19851c4006b4a382dd5

    • SSDEEP

      6144:qmcD66RRjU5JGmrpQsK3RD2u270jupCJsCxCW:fcD663BZ2zkPaCx/

    • CyberGate, Rebhip

      CyberGate (detected by some vendors as Rebhip) is a remote access trojan marketed as a remote administration tool; this build enables keylogging, injects into explorer.exe, installs itself as install\good.exe, and beacons to mr-falcon.dyndns.biz:81. The mutex, password and Portuguese placeholder message strings are the values the CyberGate builder ships with, which suggests the operator changed little beyond the C2 address.
