cybergate | 08a0d4414db32378b3e238352aa42c00834896dc4563eda39b75895a04f528d8N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

08a0d4414db32378b3e238352aa42c00834896dc4563eda39b75895a04f528d8N.exe
Size

788KB
MD5

ef7612deb89e913b6c564323d4224d10
SHA1

332ac5d89d84994af1e51c124b20515c7999919b
SHA256

08a0d4414db32378b3e238352aa42c00834896dc4563eda39b75895a04f528d8
SHA512

72b87ace3c12e9a008e19f3308beaf68e89999e4e0bcdd957dbb963a35056018f054fa50cb42ceef15af512a4000d9bb4e22b6a3dc31f1b19718d9d2af37709d
SSDEEP

12288:lpmcD667Q4dLOSwCDfJqlE6uGiGSAlVLuBRzXA2oAMHVB66EYAUTS9D/ksSzQR:rm8LtwCc26uGi2VCHXSBzTaDMsAQR

Score

10^/10

upx vítima cybergate

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

vítima

frost123.no-ip.org:82

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

Cybergate family
cybergate

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08a0d4414db32378b3e238352aa42c00834896dc4563eda39b75895a04f528d8N.exe

Files

08a0d4414db32378b3e238352aa42c00834896dc4563eda39b75895a04f528d8N.exe
.exe windows:4 windows x86 arch:x86

e7f5df0b4a791b7e27630ca008501b01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrlenA
lstrcmpiA
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualProtectEx
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
Sleep
SizeofResource
SetFilePointer
SetFileAttributesA
ReadProcessMemory
ReadFile
OpenProcess
LockResource
LoadResource
LoadLibraryA
GlobalFree
GetVersionExA
GetTickCount
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
GetLastError
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetCurrentProcess
FreeResource
FreeLibrary
FindResourceA
FindFirstFileA
FindClose
ExitProcess
DeleteFileA
CreateRemoteThread
CreateProcessA
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetCommandLineA
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

advapi32

LsaFreeMemory
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
ConvertSidToStringSidA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupAccountNameA
IsValidSid
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CredEnumerateA

crypt32

CryptUnprotectData

ole32

CoTaskMemFree
OleInitialize
CoCreateInstance
StringFromCLSID

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

pstorec

PStoreCreateInstance

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA

shell32

SHGetSpecialFolderPathA

user32

wvsprintfA
TranslateMessage
ToAscii
SetWindowsHookExA
PeekMessageA
GetWindowThreadProcessId
GetKeyboardState
FindWindowA
DispatchMessageA
CharLowerA
CharUpperA
CharNextA

Sections

UPX0
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

e7f5df0b4a791b7e27630ca008501b01

Headers

File Characteristics

Imports

kernel32

advapi32

crypt32

ole32

oleaut32

pstorec

rasapi32

shell32

user32

Sections

UPX0 Size: 260KB - Virtual size: 260KB

UPX1 Size: 480KB - Virtual size: 480KB

.rsrc Size: 42KB - Virtual size: 42KB

UPX0
Size: 260KB - Virtual size: 260KB

UPX1
Size: 480KB - Virtual size: 480KB

.rsrc
Size: 42KB - Virtual size: 42KB