General
-
Target
a11f1b338da143dbb0db66db91a69f64aa0a00c99caa10a1acd997166c7c48ae
-
Size
290KB
-
Sample
221106-qkqysadba6
-
MD5
0f8a8113b7bfae6d0acf59575885a5f9
-
SHA1
5e7e8d33ca5cbaf034fd84739d687810049d9390
-
SHA256
a11f1b338da143dbb0db66db91a69f64aa0a00c99caa10a1acd997166c7c48ae
-
SHA512
ea273f795efbb5a30ea6e038cea8290f355ae71d25e560432a84c5f0fc734ff358431f34f78c062871e35cdccba169c2e8089ece8774228eb349c6be3e25f6aa
-
SSDEEP
6144:2OpslFlqbhdBCkWYxuukP1pjSKSNVkq/MVJbn:2wslITBd47GLRMTbn
Behavioral task
behavioral1
Sample
a11f1b338da143dbb0db66db91a69f64aa0a00c99caa10a1acd997166c7c48ae.exe
Resource
win7-20220812-en
Malware Config
Extracted
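Family
cybergate
-
Version
v1.07.5
-
Botnet (label lost in extraction; inferred)
Vic
-
C2
schr1psy.no-ip.org:2345
schr1psy.no-ip.org:2346
-
Mutex (label lost in extraction; inferred, confirm against the original report)
4153F304H457KS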
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
system32
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Download this Application new some files are corrupt or missing!
-
message_box_title
Microsft Application Runtime Error!
-
password
schr1p
-
regkey_hkcu
MicrosoftMSKMLUC
-
regkey_hklm
MicrosoftMSKMLUC
Targets
-
-
Target
a11f1b338da143dbb0db66db91a69f64aa0a00c99caa10a1acd997166c7c48ae
-
Size
290KB
-
MD5
0f8a8113b7bfae6d0acf59575885a5f9
-
SHA1
5e7e8d33ca5cbaf034fd84739d687810049d9390
-
SHA256
a11f1b338da143dbb0db66db91a69f64aa0a00c99caa10a1acd997166c7c48ae
-
SHA512
ea273f795efbb5a30ea6e038cea8290f355ae71d25e560432a84c5f0fc734ff358431f34f78c062871e35cdccba169c2e8089ece8774228eb349c6be3e25f6aa
-
SSDEEP
6144:2OpslFlqbhdBCkWYxuukP1pjSKSNVkq/MVJbn:2wslITBd47GLRMTbn
-
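Adds policy Run key to start application (persistence: entries under the Policies\Explorer\Run registry key are launched at logon and are easy to miss when only the standard Run keys are audited)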
-
Executes dropped EXE
-
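Modifies Installed Components in the registry (Active Setup persistence: a StubPath value under Active Setup\Installed Components is run once per user at logon)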
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
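Drops file in System32 directory (consistent with the extracted config above: install_dir system32, install_file svchost.exe; the full drop path is not shown here, so identify the file by path, hash and signer, not by its Windows-looking name)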
-