General
Target: 3a762a7a8bca3a20f4cbdebdf22494ec33533389c4c8cd44292dd8815c67acbd
Size: 420KB
Sample: 221029-dd53xaaacl
MD5: 64d153e2d612ba8f95ed569cccdaf462
SHA1: e3444fc52c1e303a3896cdd4e2b852853e6d36ae
SHA256: 3a762a7a8bca3a20f4cbdebdf22494ec33533389c4c8cd44292dd8815c67acbd
SHA512: 1cf64a13374788b15444e054afa61f3371a4cb9b8bada4ec32804db888b212091c9690c2c7a7adf6fbf2150baa9a4d7f15020eb28b4244a4aba8cdf145017974
SSDEEP: 12288:zt6+En7znHp9yqTsy0QYYd3QKURXVNMOI:zt6++zHp9zsCF/UDNl
Static task: static1
Behavioral task: behavioral1
Sample: 3a762a7a8bca3a20f4cbdebdf22494ec33533389c4c8cd44292dd8815c67acbd.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 3a762a7a8bca3a20f4cbdebdf22494ec33533389c4c8cd44292dd8815c67acbd.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
cybergate
2.6
youtube
colega12.zapto.org:82
-----hghghhccvcv
enable_keylogger: true
enable_message_box: true
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: system32
install_file: notepad.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Incompatible con el systema.
message_box_title: Error
password: alberto
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
Adds policy Run key to start application
Modifies Installed Components in the registry
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext