General
-
Target
d0056937f8a8e74fdf6ae10c6c389fe79c6b3af94bc1aa01e69d9c0ee52b1820
-
Size
772KB
-
Sample
221106-renrxaggbn
-
MD5
0174697ceca41dd4f3652c42e89b9805
-
SHA1
3fcc2ec9e295bb7676e62510f6b1ec5d21466c33
-
SHA256
d0056937f8a8e74fdf6ae10c6c389fe79c6b3af94bc1aa01e69d9c0ee52b1820
-
SHA512
4c16cb325618a402948e449091a72b2a7f0f4ce5d1903573955c8266548f9b787fc5b2d1f680063c52521eda12b7effbd8f30f679294e1fa4a1eb54594cb7877
-
SSDEEP
12288:T1q9CdsqTzLEebrKtzsFpZyTy18gLrWo6D7hkYHC:T1O0zL3utqpZ2y18CrYlk
Static task
static1
Behavioral task
behavioral1
Sample
d0056937f8a8e74fdf6ae10c6c389fe79c6b3af94bc1aa01e69d9c0ee52b1820.exe
Resource
win7-20220901-en
Malware Config
Extracted
cybergate
2.5
N0_Lose
fvool.gicp.net:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
qul.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
ÕâÊÇÀ´×ÔÓÚN0_LoseµÄÎʺò£¡ (raw value as extracted; GBK bytes shown as Latin-1 mojibake, decoding to 这是来自于N0_Lose的问候！ — "This is a greeting from N0_Lose!")
-
message_box_title
N0_LoseµÄÎʺò (raw value as extracted; GBK bytes shown as Latin-1 mojibake, decoding to N0_Lose的问候 — "N0_Lose's greeting")
-
password
abcd1234
Targets
-
-
Target
d0056937f8a8e74fdf6ae10c6c389fe79c6b3af94bc1aa01e69d9c0ee52b1820
-
Size
772KB
-
MD5
0174697ceca41dd4f3652c42e89b9805
-
SHA1
3fcc2ec9e295bb7676e62510f6b1ec5d21466c33
-
SHA256
d0056937f8a8e74fdf6ae10c6c389fe79c6b3af94bc1aa01e69d9c0ee52b1820
-
SHA512
4c16cb325618a402948e449091a72b2a7f0f4ce5d1903573955c8266548f9b787fc5b2d1f680063c52521eda12b7effbd8f30f679294e1fa4a1eb54594cb7877
-
SSDEEP
12288:T1q9CdsqTzLEebrKtzsFpZyTy18gLrWo6D7hkYHC:T1O0zL3utqpZ2y18CrYlk
-
Modifies Installed Components in the registry
-
Deletes itself
-
Drops file in System32 directory
-