General
-
Target
278e803d720e3df9f64d987e06736c9ff58620ebc4c597b8eceb978042f5c081
-
Size
282KB
-
Sample
221108-n67gjsfae3
-
MD5
08996160b29a26eb2750d5dd608e0438
-
SHA1
97d264a4bb7db1ae2ef07bfb337003bb584c5de2
-
SHA256
278e803d720e3df9f64d987e06736c9ff58620ebc4c597b8eceb978042f5c081
-
SHA512
0ff1fe90695ddddc38a7401c7843b292f28cfff146612be41e5b311a8f2baacc6fd1d81642349238ecff131d9814f8b161aabd2c4820cd7a712dea07e33b6888
-
SSDEEP
6144:VxJsGLnF5oxDNT/xQphU+jrlgzfuzt91C9NDyWId98HhqbxtHGZO:HJsG554h/xQp6+tqOYy9zo0F
Behavioral task
behavioral1
Sample
278e803d720e3df9f64d987e06736c9ff58620ebc4c597b8eceb978042f5c081.exe
Resource
win7-20220812-en
Malware Config
Extracted
cybergate
v1.02.1
Hacker
toto68.zapto.org:188
Pluguin
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Microsoft
-
install_file
Pluguin.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Plugins java Updeter
-
message_box_title
Windows
-
password
0123456789
-
regkey_hkcu
Avirnt
-
regkey_hklm
Avgnt
Targets
-
-
Target
278e803d720e3df9f64d987e06736c9ff58620ebc4c597b8eceb978042f5c081
-
Size
282KB
-
MD5
08996160b29a26eb2750d5dd608e0438
-
SHA1
97d264a4bb7db1ae2ef07bfb337003bb584c5de2
-
SHA256
278e803d720e3df9f64d987e06736c9ff58620ebc4c597b8eceb978042f5c081
-
SHA512
0ff1fe90695ddddc38a7401c7843b292f28cfff146612be41e5b311a8f2baacc6fd1d81642349238ecff131d9814f8b161aabd2c4820cd7a712dea07e33b6888
-
SSDEEP
6144:VxJsGLnF5oxDNT/xQphU+jrlgzfuzt91C9NDyWId98HhqbxtHGZO:HJsG554h/xQp6+tqOYy9zo0F
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-