General
-
Target
5e719b871b17c70bdf7fd99c570044cc48b689afedc28ac4f12beabe84e53038
-
Size
380KB
-
Sample
220707-x965mabae2
-
MD5
44579ee908bc5b4e6dafb75b921ff0e3
-
SHA1
0b9b5ab4108ee725487974995c332dabe0d780bf
-
SHA256
5e719b871b17c70bdf7fd99c570044cc48b689afedc28ac4f12beabe84e53038
-
SHA512
bdba441fed37427066ef3ac7dd07144a7ce19f6ea736ad83a6e4876f01e5d77421b7134b6b35cc9d7c0fa6440cb09ac133187011fdd89ceeecce8a2dc56a4179
Static task
static1
Behavioral task
behavioral1
Sample
5e719b871b17c70bdf7fd99c570044cc48b689afedc28ac4f12beabe84e53038.exe
Resource
win7-20220414-en
Malware Config
Extracted
cybergate
2.5
vítima
satellite-5g.ddns.net:1378
satellite-5g.ddns.net:5568
satellite-5g.ddns.net:1370
satellite-5g.ddns.net:1340
satellite-5g.ddns.net:1350
satellite-5g.ddns.net:1334
satellite-5g.ddns.net:1337
satellite-5g.ddns.net:42474
satellite-5g.ddns.net:1360
satellite-5g.ddns.net:4000
Ethernet
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
.//key/
-
ftp_interval
30
-
ftp_password
lancelot_020500
-
ftp_port
21
-
ftp_server
ftp.webcindario.com
-
ftp_username
appcanadianfree
-
injected_process
svchost.exe
-
install_dir
security
-
install_file
crss.exe
-
install_flag
true
-
keylogger_enable_ftp
true
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
lancelot
-
regkey_hkcu
Identidad de Aplicacion
-
regkey_hklm
Audio de Windows
Targets
-
-
Target
5e719b871b17c70bdf7fd99c570044cc48b689afedc28ac4f12beabe84e53038
-
Size
380KB
-
MD5
44579ee908bc5b4e6dafb75b921ff0e3
-
SHA1
0b9b5ab4108ee725487974995c332dabe0d780bf
-
SHA256
5e719b871b17c70bdf7fd99c570044cc48b689afedc28ac4f12beabe84e53038
-
SHA512
bdba441fed37427066ef3ac7dd07144a7ce19f6ea736ad83a6e4876f01e5d77421b7134b6b35cc9d7c0fa6440cb09ac133187011fdd89ceeecce8a2dc56a4179
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-