General
- Target: ab89785ce8d745bb9dd2c8d23519ed1a4e503938d3a496d059f786219ae54203
- Size: 406KB
- Sample: 221030-x8w82aggbr
- MD5: 825a5d844ccae6f1176bcdb35c26e1c0
- SHA1: f8fdb71e491d31a9ed09ad0879768d12f7d53d94
- SHA256: ab89785ce8d745bb9dd2c8d23519ed1a4e503938d3a496d059f786219ae54203
- SHA512: 4f4cbd34fc3567f95cd87e283251eeb84ae1d665f90524961c41d39d45b3a78e98bc2a1c3fcf49a1137d66ee4b62673dfa87269553cabf2dd871c1c4be24ce0f
- SSDEEP: 12288:sYy9aRynHwcCuLEY+7jJib2nAPnVk+G3NYn:pyHXCMQ7diynlh3NYn
Static task: static1
Behavioral task: behavioral1
- Sample: ab89785ce8d745bb9dd2c8d23519ed1a4e503938d3a496d059f786219ae54203.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: ab89785ce8d745bb9dd2c8d23519ed1a4e503938d3a496d059f786219ae54203.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted: cybergate
2.6
CryptoSuite
otocukk.no-ip.biz:443
M30EFVFW
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: java\upgrade\
- install_file: javaing.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Tester
- message_box_title: Test
- password: yln12345
- regkey_hkcu: javaing
Targets
- Target: ab89785ce8d745bb9dd2c8d23519ed1a4e503938d3a496d059f786219ae54203
- Score: 10/10
- Adds policy Run key to start application
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext