General
- Target: 84efa3ca82148171230fdb3bdfa24a9c0b3575fdee95be8fd94a95ceefa48378
- Size: 352KB
- Sample: 220626-cehhkacgbk
- MD5: 369d2bb6999c93f0911f762de0d6d25e
- SHA1: c248dbfdf56387fc132dcd2f7b68e32debfed6aa
- SHA256: 84efa3ca82148171230fdb3bdfa24a9c0b3575fdee95be8fd94a95ceefa48378
- SHA512: 902559d4020f46160aa088234f59435e2c4316472fc2bc8b82f9bef8b7f4aac74a480e99c022cf3161c9cf1541fa563513f1fcb7a644e2b658791c848afd9471
Static task: static1
Behavioral task: behavioral1
- Sample: 84efa3ca82148171230fdb3bdfa24a9c0b3575fdee95be8fd94a95ceefa48378.exe
- Resource: win7-20220414-en
Malware Config
Extracted
cybergate
2.6
vítima
taringon.dyndns.org:2000
***Cloudy***
- enable_keylogger: true
- enable_message_box: true
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: Sstem
- install_file: server.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Hack Activado Disfruta del Hack!
- message_box_title: Hack Rakion
- password: 1
- regkey_hkcu: Winistax
- regkey_hklm: Soiam
Targets
- Target: 84efa3ca82148171230fdb3bdfa24a9c0b3575fdee95be8fd94a95ceefa48378 (352KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext