cybergate | cad58bd66642d574ff6ba35e67eaf3ec61f297b5da1487247c779ef149a9c635[.]exe | Triage

Sharing

General

Target

cad58bd66642d574ff6ba35e67eaf3ec61f297b5da1487247c779ef149a9c635.exe
Size

298KB
MD5

d1a6bcb026625f45371ebe43c725da3e
SHA1

589b1a989b81eb6cd0b78f1d6077ca5d3ede290b
SHA256

cad58bd66642d574ff6ba35e67eaf3ec61f297b5da1487247c779ef149a9c635
SHA512

15f7baf4ca791f4b3ccdbc4247531c9a3076f2c6f824d065db9de5450c6b7fdbf59a7a3d65d25826f88942d3162290585326b5475dc3c2bb8e95fedff34384ea
SSDEEP

6144:L6BsG/ZrIrM+NW6o2SWnIq+ikCdGodAXbAqICNBb:mBsGhr4/xS2hdEbA4Bb

Score

10^/10

upx vítima cybergate

Malware Config

Extracted

Family

cybergate

Version

2.5

Botnet

vítima

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes

enable_keylogger
false
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Funciona
message_box_title
Serevr
password
abcd1234

Signatures

Cybergate family
cybergate

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cad58bd66642d574ff6ba35e67eaf3ec61f297b5da1487247c779ef149a9c635.exe

Files

cad58bd66642d574ff6ba35e67eaf3ec61f297b5da1487247c779ef149a9c635.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 229KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE