General
-
Target
18cb8446df56da23dad9484a921d21e3f494f54a494e1b8140d0e3a6079648db
-
Size
176KB
-
Sample
220608-tfz8faeffl
-
MD5
1a3316cd329b3b7f8e64ea9203c8cf46
-
SHA1
33a72864ea30f5405d087084302f004683e66847
-
SHA256
18cb8446df56da23dad9484a921d21e3f494f54a494e1b8140d0e3a6079648db
-
SHA512
9ff48fc06f201d0f050e45ce5ad01d4c3c16bce8ac46d969aec92e3a5d64d5d31b3f8d9da9d1bfaa16419970a4c14cca16d7f4849db0b11c139d49841d90a9f9
Behavioral task
behavioral1
Sample
18cb8446df56da23dad9484a921d21e3f494f54a494e1b8140d0e3a6079648db.exe
Resource
win7-20220414-en
Malware Config
Extracted
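cybergate (family)
2.2 (version)
vítima (identifier string from the config; Portuguese for "victim")
127.0.0.1:81 (C2 address; this is loopback, so it is not a usable network indicator and suggests a test or default build)
***MUTEX*** (mutex name as configured; looks like a builder default left unchanged)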
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Targets
-
-
Target
18cb8446df56da23dad9484a921d21e3f494f54a494e1b8140d0e3a6079648db
-
Size
176KB
-
MD5
1a3316cd329b3b7f8e64ea9203c8cf46
-
SHA1
33a72864ea30f5405d087084302f004683e66847
-
SHA256
18cb8446df56da23dad9484a921d21e3f494f54a494e1b8140d0e3a6079648db
-
SHA512
9ff48fc06f201d0f050e45ce5ad01d4c3c16bce8ac46d969aec92e3a5d64d5d31b3f8d9da9d1bfaa16419970a4c14cca16d7f4849db0b11c139d49841d90a9f9
-
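Adds policy Run key to start application (autostart persistence; on Windows this is the Policies\Explorer\Run registry location, which is checked less often than the standard Run keys)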
-
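Modifies Installed Components in the registry (the Active Setup\Installed Components key, a second autostart location; review it alongside the Run keys when checking a host for persistence)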
-