General
- Target: 5cb3e5a604c9764c14986dff080b93e9be624cb4406f5af5224b8927895468f6
- Size: 500KB
- Sample: 221106-kqbhdseggn
- MD5: 11da4736ccb6fccf497748c0506376df
- SHA1: 4b5e2f1bd50dc6e0cbefe58585a9c23c33da81e7
- SHA256: 5cb3e5a604c9764c14986dff080b93e9be624cb4406f5af5224b8927895468f6
- SHA512: 1e98d3538c4f56c02971fc306e857d87747aa54b096e73d24ee807da16559a9d176336f86b7e3ef87a3faad538d0fd24da93dbde8649ca82e2267bbdd86ebab5
- SSDEEP: 6144:AWsoXvHnZqqHYBJTf7hlN8WMo5SZ7DvJkWZA8U+WApNCTOeDNQDx7dHw://UOYBJLFl6fZ7Dx8RFA3CTHE7J

Static task
- static1

Behavioral task
- behavioral1
  - Sample: 5cb3e5a604c9764c14986dff080b93e9be624cb4406f5af5224b8927895468f6.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: 5cb3e5a604c9764c14986dff080b93e9be624cb4406f5af5224b8927895468f6.exe
  - Resource: win10v2004-20220812-en

Malware Config
Extracted
- cybergate
- 2.6
- domdom2121
- 176.240.164.204:2121
- 95.6.97.198:2121
- ***MUTEX***
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: install
- install_file: server.exe
- install_flag: false
- keylogger_enable_ftp: false
- message_box_caption: texto da mensagem
- message_box_title: título da mensagem
- password: 21212121

Targets
- Target: 5cb3e5a604c9764c14986dff080b93e9be624cb4406f5af5224b8927895468f6
  - Size: 500KB
  - MD5: 11da4736ccb6fccf497748c0506376df
  - SHA1: 4b5e2f1bd50dc6e0cbefe58585a9c23c33da81e7
  - SHA256: 5cb3e5a604c9764c14986dff080b93e9be624cb4406f5af5224b8927895468f6
  - SHA512: 1e98d3538c4f56c02971fc306e857d87747aa54b096e73d24ee807da16559a9d176336f86b7e3ef87a3faad538d0fd24da93dbde8649ca82e2267bbdd86ebab5
  - SSDEEP: 6144:AWsoXvHnZqqHYBJTf7hlN8WMo5SZ7DvJkWZA8U+WApNCTOeDNQDx7dHw://UOYBJLFl6fZ7Dx8RFA3CTHE7J
  - Score: 10/10
  - Executes dropped EXE
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Loads dropped DLL
  - Suspicious use of SetThreadContext