General
-
Target
23bb4886786eecbf94c8b7a672bf93d7c66f9ab3770c2812e7f9ae8cdfb00abd
-
Size
296KB
-
Sample
221030-g43l9afdh3
-
MD5
9333e67a1d20cc35dd71da28e4b2d1a2
-
SHA1
08fcd2046272946d905f3500a2afc1c4983e18b9
-
SHA256
23bb4886786eecbf94c8b7a672bf93d7c66f9ab3770c2812e7f9ae8cdfb00abd
-
SHA512
1738f01711ae9c7218d47dcbf8eb49c211bf815e222fa517a0985866d977527793535bd83555c0c7c7a06e07d04d43b393ec80c54e1df90d38099ff0384930b1
-
SSDEEP
6144:fOpslFlqIhdBCkWYxuukP1pjSKSNVkq/MVJbY:fwslHTBd47GLRMTbY
Behavioral task
behavioral1
Sample
23bb4886786eecbf94c8b7a672bf93d7c66f9ab3770c2812e7f9ae8cdfb00abd.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
23bb4886786eecbf94c8b7a672bf93d7c66f9ab3770c2812e7f9ae8cdfb00abd.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
cybergate
v1.07.5
Victima
agentmaxserver.no-ip.biz:102
F6X58N3LIQXC0F
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
Targets
-
-
Target
23bb4886786eecbf94c8b7a672bf93d7c66f9ab3770c2812e7f9ae8cdfb00abd
-
Size
296KB
-
MD5
9333e67a1d20cc35dd71da28e4b2d1a2
-
SHA1
08fcd2046272946d905f3500a2afc1c4983e18b9
-
SHA256
23bb4886786eecbf94c8b7a672bf93d7c66f9ab3770c2812e7f9ae8cdfb00abd
-
SHA512
1738f01711ae9c7218d47dcbf8eb49c211bf815e222fa517a0985866d977527793535bd83555c0c7c7a06e07d04d43b393ec80c54e1df90d38099ff0384930b1
-
SSDEEP
6144:fOpslFlqIhdBCkWYxuukP1pjSKSNVkq/MVJbY:fwslHTBd47GLRMTbY
Score8/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-