General
-
Target
42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f
-
Size
428KB
-
Sample
220130-bjyvnscdgk
-
MD5
dd0965b9bb4d8fa833b59ab41b405c0b
-
SHA1
b9ca6f8b25ffd8fa66194fc826037d667039e830
-
SHA256
42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f
-
SHA512
d617eac8f1d4d18101e5844f9c5fd1113dc7a63e254721c0b7e170e44d13f7015e08a34f25677faeeb0b924aebded2a3d0ed2ad764cb8cda26f50db0b97b7353
Behavioral task
behavioral1
Sample
42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f.exe
Resource (sandbox VM image used for this run)
win7-en-20211208
Malware Config
Extracted
Family: cybergate
Version: v3.4.2.2
VicTeM (unlabelled in this extraction; by position presumably the campaign/victim tag — confirm against the builder)
C2 (host:port): 31.9.48.84:82
C2 (host:port): 31.9.48.84:999 (same host, second port)
1B05SV4C37885F (unlabelled in this extraction; position suggests the mutex/identifier string — confirm)
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./htdocs
-
ftp_interval
30
-
ftp_password
678494 (attacker-controlled credential recovered from the config; record it as an indicator only — do not authenticate to the server)
-
ftp_port
21
-
ftp_server
ftp.eb2a.com
-
ftp_username
eb2a_13865594
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
true (with enable_keylogger = true above, keylogger output is exfiltrated to ftp_server/ftp_directory listed above at the configured ftp_interval; the interval's unit is not stated in the extraction)
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
963963 (distinct from ftp_password; presumably the CyberGate client/server connection password — confirm)
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM (persistence is configured under both hives; the exact key paths are not part of this extraction)
Targets
-
-
Target
42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f
-
Size
428KB
-
MD5
dd0965b9bb4d8fa833b59ab41b405c0b
-
SHA1
b9ca6f8b25ffd8fa66194fc826037d667039e830
-
SHA256
42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f
-
SHA512
d617eac8f1d4d18101e5844f9c5fd1113dc7a63e254721c0b7e170e44d13f7015e08a34f25677faeeb0b924aebded2a3d0ed2ad764cb8cda26f50db0b97b7353
-
Adds policy Run key to start application (registry autostart — persistence)
-
Modifies Installed Components in the registry (a second autostart location — persistence)
-
Adds Run key to start application (registry autostart — persistence; consistent with the regkey_hkcu/regkey_hklm settings above)
-
Drops file in System32 directory (consistent with install_flag = true and install_file = server.exe above; confirm the dropped path, since install_dir is given only as "install")
-