General
-
Target
86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba
-
Size
514KB
-
Sample
221106-j6ez3sdghp
-
MD5
31b32a4b9868e2872e08cbc5edc6f1f0
-
SHA1
8b879e7d75a05b957a49740a302eec40d63630e3
-
SHA256
86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba
-
SHA512
f680e855961e791287472d78a6772e4725f1a2421182d0fd75ef546bff9b8082de446866515df7ca227da07e15fb5313070efea3a7d1a6173198b03905e01855
-
SSDEEP
12288:nh6Bo7lyUDyiFBpbH7Xxu8XhE9wOqWBKh7Ho0LVdM:kBo7bFvz7hhqwOqDHvfM
Static task
static1
Behavioral task
behavioral1
Sample
86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba.exe
Resource
win7-20220812-en
Malware Config
Extracted
cybergate
v3.4.2.2
Client
ph4nt0mzz.zapto.org:999
VKTWTS75QF741D
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
mstcfg
-
install_file
mstcfg.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
cybergate
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba
-
Size
514KB
-
MD5
31b32a4b9868e2872e08cbc5edc6f1f0
-
SHA1
8b879e7d75a05b957a49740a302eec40d63630e3
-
SHA256
86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba
-
SHA512
f680e855961e791287472d78a6772e4725f1a2421182d0fd75ef546bff9b8082de446866515df7ca227da07e15fb5313070efea3a7d1a6173198b03905e01855
-
SSDEEP
12288:nh6Bo7lyUDyiFBpbH7Xxu8XhE9wOqWBKh7Ho0LVdM:kBo7bFvz7hhqwOqDHvfM
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-