Behavioral task
behavioral1
Sample
1f41f8c3a65d31989eb1d7fc5fda6c2cbbfe25b279df874bac9c12dc647928d8.exe
Resource
win7-20220812-en
General
-
Target
1f41f8c3a65d31989eb1d7fc5fda6c2cbbfe25b279df874bac9c12dc647928d8
-
Size
302KB
-
MD5
00215f103ac5a93b46bacdf7e3348e49
-
SHA1
e9b5693a2582dfdf4146c5edc5dc64d5837f504e
-
SHA256
1f41f8c3a65d31989eb1d7fc5fda6c2cbbfe25b279df874bac9c12dc647928d8
-
SHA512
2ba75cd31cb5d000998bd8527ce758b5fd73ba94dd82b63cf8d3c6603e49e6d3ed77459cf72e688ffec4236dbdb440f0bef00df431e1e190641f47fcc88384b5
-
SSDEEP
6144:RmcD66RbQ5JGmrpQsK3RD2u270jupCJsCxCc:kcD66rZ2zkPaCx5
Malware Config
Extracted
cybergate
2.6
ÖÍíÉ
profist.myftp.biz:1404
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
svchost.exe
-
install_file
windows.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
999999
Signatures
-
Cybergate family
Files
-
1f41f8c3a65d31989eb1d7fc5fda6c2cbbfe25b279df874bac9c12dc647928d8.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 249KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ