General
Target: 117cb3a08ff121b7aad65806bef83b64bb5f80da79795f361d82049ab8a971d7
Size: 746KB
Sample: 220604-d7xcvscefr
MD5: 873a8ec82e58f7917a214c2db6261c4a
SHA1: aa1202e05bedc59846904c73604317c7964d022c
SHA256: 117cb3a08ff121b7aad65806bef83b64bb5f80da79795f361d82049ab8a971d7
SHA512: bd4f9bb6870e3adea7a136412751898d407e71e606143073a9e2ce66f56034dc83a0dae04b83c05319a729140b41b57dce37312eb245053ebbda41b4b59f3fee
Static task: static1
Behavioral task: behavioral1
Sample: 117cb3a08ff121b7aad65806bef83b64bb5f80da79795f361d82049ab8a971d7.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: cybergate
Version: 2.6
vítima
test1231.no-ip.info:6666
3434347434554723
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
install_dir: Windows NT
install_file: svchost.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
regkey_hkcu: HKCU
Targets
Target: 117cb3a08ff121b7aad65806bef83b64bb5f80da79795f361d82049ab8a971d7
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext