cybergate | E48AE38CD6A92A4C7891B96B8DC7D2E8[.]exe

General

Target

E48AE38CD6A92A4C7891B96B8DC7D2E8.exe
Size

277KB
MD5

e48ae38cd6a92a4c7891b96b8dc7d2e8
SHA1

64573e4b1af88ecec96bfd76786030ac37d2c9b2
SHA256

6de5e69c368f730fc0e9634f84fdd0bd5645c72db8c2391711e523333105cbd1
SHA512

ff1fdc304bf84675bdef7f57be60b2062b6d70d29cfe2db978f76e8f3b5ec05f928f0daaf6e82703479a8d650fcdeb1fb58731fcd497dd0b80464c8f4fd7aacd
SSDEEP

6144:XyuMwiLdfC2m7mrUsqWBn837FNldObO3k1jI:iuMwf2m77sZB07FxObO32M

Score

10^/10

remote cybergate

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

remote

C2

asade.no-ip.org:25565

Mutex

8IDQ0416AW42J8

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
systems
install_file
windows.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Îøèáêà ñïåêòðà îñâåùåííîñòè âåá-êàìåðû, îáíîâëåíèå íåâîçìîæíî.Êîìïüþòåð áóäåò ïåðåçàãðóæåí.
message_box_title
Îøèáêà!
password
cybergate
regkey_hkcu
system
regkey_hklm
svchost

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
E48AE38CD6A92A4C7891B96B8DC7D2E8.exe

Files

E48AE38CD6A92A4C7891B96B8DC7D2E8.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 35KB - Virtual size: 34KB

DATA Size: 512B - Virtual size: 292B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 235KB - Virtual size: 234KB

We care about your privacy.

CODE
Size: 35KB - Virtual size: 34KB

DATA
Size: 512B - Virtual size: 292B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 235KB - Virtual size: 234KB