cybergate | b84d5259231223e5eda63c4d7f6d3bcbf999ee3ac4a11d8dd244721be1717156

General

Target

b84d5259231223e5eda63c4d7f6d3bcbf999ee3ac4a11d8dd244721be1717156
Size

428KB
MD5

e01a1ce32d1d6e062697dbd24d9e8792
SHA1

a538a97fa221494e9cca16fab9496d62afb64ab4
SHA256

b84d5259231223e5eda63c4d7f6d3bcbf999ee3ac4a11d8dd244721be1717156
SHA512

c99bef3bc4bed82dca5e18df79cde23ba5990f6d027fb9d0b9d81225c2f7b88191d150deead8dc5527395094a25d948768a06e47d03efa960f2238ce382d0721
SSDEEP

12288:RuMw1Bi8vvrHxVPKyv2m77sZB07FxObO32c:RHwC8vrx52t07FQa9

Score

10^/10

s4neugame cybergate

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

S4neuGame

C2

127.0.0.1:999

eaupdateservice.ddns.net:20122

Mutex

LIBD5L6707Q4NS

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
updater
install_file
sims4update.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
ms567
regkey_hkcu
contentupdatessims4
regkey_hklm
s4anadupdate

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b84d5259231223e5eda63c4d7f6d3bcbf999ee3ac4a11d8dd244721be1717156

Files

b84d5259231223e5eda63c4d7f6d3bcbf999ee3ac4a11d8dd244721be1717156
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 35KB - Virtual size: 34KB

DATA Size: 512B - Virtual size: 292B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 386KB - Virtual size: 385KB

CODE
Size: 35KB - Virtual size: 34KB

DATA
Size: 512B - Virtual size: 292B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 386KB - Virtual size: 385KB