General

Target: 1174a2abb76d839b62685bb1b1479ac37ba042c13046a1e0793ff3f679b7344e
Size: 370KB
Sample: 220604-enmvraheg8
MD5: 992a3e8dfdf146afe78c55df2413fec3
SHA1: c8998ba4b7bd11eddd1d399196678f53b6f3da66
SHA256: 1174a2abb76d839b62685bb1b1479ac37ba042c13046a1e0793ff3f679b7344e
SHA512: 214e2a5b323be28011dc1fbd575fa11534e28a15e08028d4280486c3ef746a3dcd837107ddb7dc380f7ade8dda00aa19b7412e6fbadc6c78a93d5a3b9a725e80
Static task: static1
Behavioral task: behavioral1
Sample: 1174a2abb76d839b62685bb1b1479ac37ba042c13046a1e0793ff3f679b7344e.exe
Resource: win7-20220414-en
Malware Config

Extracted

Family: cybergate
Version: 2.6
Botnet: hack
C2: hoocking.no-ip.org:5000
Mutex: windowss
enable_keylogger: true
enable_message_box: true
ftp_directory: ./logs/
ftp_interval: 30
injected_process: chrome.exe
install_dir: windowslogon
install_file: winlogon32.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: no es una aplicación Win32 válida. (Spanish: "is not a valid Win32 application."; together with the title this mimics the Windows ERROR_BAD_EXE_FORMAT (0xC1) dialog, so the victim assumes the file simply failed to run)
message_box_title: error 0x00C1 %1
password: 123asd
regkey_hkcu: HKC
regkey_hklm: HKL
Targets

Target: 1174a2abb76d839b62685bb1b1479ac37ba042c13046a1e0793ff3f679b7344e
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
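The extracted config and the behavioural signatures above are directly usable for hunting. The following is an added example, not part of the sandbox report or of any tool: it turns the C2 host and port, the install directory and file name, the injection target and the Run-key persistence into small matchers and runs them over constructed Sysmon-style events. The event shapes and field names, the assumption that the implant lands on disk under a directory named after install_dir with the file name install_file, and the parent/child relationships in the sample events are all assumptions for illustration.

```python
"""Hunt for the artifacts of the extracted CyberGate config (added example)."""
import re

# Values taken from the extracted config above.
CONFIG = {
    "c2": "hoocking.no-ip.org:5000",
    "install_dir": "windowslogon",
    "install_file": "winlogon32.exe",
    "injected_process": "chrome.exe",
}

# Constructed Sysmon-style events (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"type": "dns_query", "query": "hoocking.no-ip.org"},
    {"type": "dns_query", "query": "update.microsoft.com"},
    {"type": "network_connect", "dst_host": "hoocking.no-ip.org", "dst_port": 5000},
    {"type": "process_create", "image": r"C:\Windows\windowslogon\winlogon32.exe",
     "parent_image": r"C:\Users\user\Desktop\1174a2abb76d839b62685bb1b1479ac37ba042c13046a1e0793ff3f679b7344e.exe"},
    {"type": "process_create", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\windowslogon\winlogon32.exe"},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "data": r"C:\Windows\windowslogon\winlogon32.exe"},
    # Benign control: the real winlogon.exe started by smss.exe must not hit anything.
    {"type": "process_create", "image": r"C:\Windows\System32\winlogon.exe",
     "parent_image": r"C:\Windows\System32\smss.exe"},
]

# Matches ...\CurrentVersion\Run and the policy variant ...\CurrentVersion\Policies\Explorer\Run.
RUN_KEY_RE = re.compile(r"\\currentversion\\(policies\\explorer\\)?run$")


def parse_c2(c2):
    """Split 'host:port' into (lower-case host, int port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def indicators(cfg):
    """Derive normalised indicators from the extracted config."""
    host, port = parse_c2(cfg["c2"])
    return {
        "c2_host": host,
        "c2_port": port,
        # Parent of the dynamic-DNS name (no-ip.org); a weaker, broader hunt pivot.
        "dyn_dns_parent": host.split(".", 1)[1],
        # Assumption: the implant is written as <dir>\windowslogon\winlogon32.exe,
        # so match on the directory + file tail instead of an absolute path.
        "install_path_tail": (cfg["install_dir"] + "\\" + cfg["install_file"]).lower(),
        "install_file": cfg["install_file"].lower(),
        "injected_image": cfg["injected_process"].lower(),
    }


def match_event(ev, ioc):
    """Return the names of the indicators an event hits (empty list = no hit)."""
    hits = []
    kind = ev.get("type")
    if kind == "dns_query":
        q = ev["query"].lower().rstrip(".")
        if q == ioc["c2_host"]:
            hits.append("c2_domain")
        elif q.endswith("." + ioc["dyn_dns_parent"]):
            hits.append("dyn_dns_domain")
    elif kind == "network_connect":
        if ev.get("dst_port") == ioc["c2_port"] and ev.get("dst_host", "").lower() == ioc["c2_host"]:
            hits.append("c2_connect")
    elif kind == "process_create":
        img = ev["image"].lower()
        parent = ev.get("parent_image", "").lower()
        if img.endswith("\\" + ioc["install_path_tail"]):
            hits.append("dropped_install_file")
        # winlogon32.exe is not a Windows binary; the real one is System32\winlogon.exe.
        if img.endswith("\\winlogon32.exe"):
            hits.append("winlogon_lookalike")
        # Config says it injects into chrome.exe (SetThreadContext was observed), so a
        # chrome.exe whose parent is the implant is the process-hollowing pattern to flag.
        if img.endswith("\\" + ioc["injected_image"]) and parent.endswith("\\" + ioc["install_file"]):
            hits.append("injected_process_spawned_by_implant")
    elif kind == "registry_set":
        key = ev["key"].lower()
        data = ev.get("data", "").lower().strip('"')
        if RUN_KEY_RE.search(key) and data.endswith(ioc["install_path_tail"]):
            hits.append("run_key_persistence")
    return hits


def hunt(events, cfg):
    """Run every event through the matchers; returns one hit list per event."""
    ioc = indicators(cfg)
    return [match_event(ev, ioc) for ev in events]


if __name__ == "__main__":
    for ev, hits in zip(SAMPLE_EVENTS, hunt(SAMPLE_EVENTS, CONFIG)):
        print(ev["type"], "->", hits or "no hit")
```

The benign control event is the point of the `winlogon_lookalike` rule: matching on the full tail `windowslogon\winlogon32.exe` rather than on the bare word "winlogon" keeps the real System32 binary out of the results, and the dynamic-DNS parent gives a second, noisier pivot if the operator rotates the host label.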