General
-
Target
7fa4e5e11ec3818f6caef4fe877d14d60513352dbabd1f3a6a80e3918eea5055
-
Size
4.4MB
-
Sample
221123-lwpgwafh2x
-
MD5
9ed07118ff23d177f3d98b12508c5612
-
SHA1
b156685cf48c8e153716fc637078f1c52a66114e
-
SHA256
7fa4e5e11ec3818f6caef4fe877d14d60513352dbabd1f3a6a80e3918eea5055
-
SHA512
0267560c2f04e0344ed46771fde6a6d70a9d37c33c96779ad489e475395c2cce83da3981abd424e63a1746ba6333c58eb9915ff0081c0aac0e81e056798e8c57
-
SSDEEP
98304:4CjPKNckJS/qUXdaF3czuGtNf+LUy0Dx3HuSzO1edE/DcvKbKCSgUcTpBl4EDHh:4CbGlSiSaJ2ugEoD9OSEOWcEKdWpT7DB
Static task
static1
Behavioral task
behavioral1
Sample
7fa4e5e11ec3818f6caef4fe877d14d60513352dbabd1f3a6a80e3918eea5055.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7fa4e5e11ec3818f6caef4fe877d14d60513352dbabd1f3a6a80e3918eea5055.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
Family
cybergate
Version
v3.4.2.2
Botnet
VPN4
C2
joujounette974.ddns.net:8027
Mutex
64M5FRUGH772A6
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
HWID Generator is actually down. Please come back later.Sorry for inconvenience.
-
message_box_title
HWID Generator Error!!
-
password
123456
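Hunting example (added here, not part of the report or of any extractor): the C2 host and port, the injected process and the SHA256 above are turned into a small matcher run over Sysmon-style process-create, DNS-query and network-connect records. The records are constructed to exercise the rules; the field names, the 203.0.113.10 resolution and the firefox.exe noise line are assumptions, not sample telemetry.

```python
import re

# Indicators taken from the extracted configuration and hashes on this page.
C2_HOST = "joujounette974.ddns.net"
C2_PORT = "8027"
INJECTED_PROCESS = "explorer.exe"
SAMPLE_SHA256 = "7fa4e5e11ec3818f6caef4fe877d14d60513352dbabd1f3a6a80e3918eea5055"

# key=value records; values may contain spaces, so a value runs until the
# next " key=" or the end of the line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

# Constructed Sysmon-style records (not real telemetry). EventID 1 = process
# create, 22 = DNS query, 3 = network connection. The resolved address and
# the firefox.exe line are invented to show a non-hit.
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Users\\bob\\Downloads\\hwid_gen.exe Hashes=MD5=9ed07118ff23d177f3d98b12508c5612,SHA256=7fa4e5e11ec3818f6caef4fe877d14d60513352dbabd1f3a6a80e3918eea5055",
    "EventID=22 Image=C:\\Windows\\explorer.exe QueryName=joujounette974.ddns.net QueryResults=::ffff:203.0.113.10;",
    "EventID=3 Image=C:\\Windows\\explorer.exe DestinationIp=203.0.113.10 DestinationPort=8027 Protocol=tcp",
    "EventID=22 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe QueryName=example.org QueryResults=::ffff:93.184.216.34;",
    "EventID=3 Image=C:\\Windows\\explorer.exe DestinationIp=10.0.0.5 DestinationPort=445 Protocol=tcp",
]


def parse_event(line):
    """Split one record into a dict of its key=value fields."""
    return dict(FIELD_RE.findall(line))


def ioc_hits(lines):
    """Return (rule, image) pairs for records matching the page's indicators.

    DNS answers for the C2 name are remembered so that a later connection to
    one of those addresses is flagged even when the port differs; a connection
    from the injected process to the configured port is flagged on its own.
    """
    hits = []
    c2_ips = set()
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        exe = image.rsplit("\\", 1)[-1].lower()
        if eid == "1":
            hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
            if hashes.get("SHA256", "").lower() == SAMPLE_SHA256:
                hits.append(("known_sample_executed", image))
        elif eid == "22" and ev.get("QueryName", "").lower().rstrip(".") == C2_HOST:
            c2_ips.update(r.replace("::ffff:", "") for r in ev.get("QueryResults", "").split(";") if r)
            hits.append(("c2_dns_lookup", image))
        elif eid == "3":
            to_c2_ip = ev.get("DestinationIp") in c2_ips
            injected_to_c2_port = exe == INJECTED_PROCESS and ev.get("DestinationPort") == C2_PORT
            if to_c2_ip or injected_to_c2_port:
                hits.append(("c2_connection", image))
    return hits


if __name__ == "__main__":
    for rule, image in ioc_hits(SAMPLE_EVENTS):
        print(f"{rule:24} {image}")
```

The process-plus-port rule exists because the C2 address behind a dynamic DNS name changes; the resolved address is only trustworthy within the window of the DNS record that produced it, so the hostname and the injected-process behaviour are the more durable indicators.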
Targets
-
-
Target
7fa4e5e11ec3818f6caef4fe877d14d60513352dbabd1f3a6a80e3918eea5055
-
Size
4.4MB
-
MD5
9ed07118ff23d177f3d98b12508c5612
-
SHA1
b156685cf48c8e153716fc637078f1c52a66114e
-
SHA256
7fa4e5e11ec3818f6caef4fe877d14d60513352dbabd1f3a6a80e3918eea5055
-
SHA512
0267560c2f04e0344ed46771fde6a6d70a9d37c33c96779ad489e475395c2cce83da3981abd424e63a1746ba6333c58eb9915ff0081c0aac0e81e056798e8c57
-
SSDEEP
98304:4CjPKNckJS/qUXdaF3czuGtNf+LUy0Dx3HuSzO1edE/DcvKbKCSgUcTpBl4EDHh:4CbGlSiSaJ2ugEoD9OSEOWcEKdWpT7DB
-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
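Host check for the three persistence signatures above (Winlogon modification, policy Run key, Run key), added here and not part of the report: a parser for a registry export in .reg format and a rule set that flags entries appended to the Winlogon Userinit or Shell values, every value under Policies\Explorer\Run, and Run/RunOnce values whose executable lives outside the Windows and Program Files directories. The export is constructed; the user profile, the value names and the Updater.exe entry are assumptions, and the server.exe path only reuses the install_dir and install_file from the extracted configuration.

```python
import re

# Windows defaults for the two Winlogon values that malware rewrites.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {"Userinit": r"c:\windows\system32\userinit.exe", "Shell": "explorer.exe"}
RUN_KEY_RE = re.compile(r"\\(CurrentVersion\\Run(?:Once)?|Policies\\Explorer\\Run)$", re.I)
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# "name"="value" or @="value" lines; backslash escapes \" and \\ are kept
# inside the groups and removed afterwards.
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$')

# Constructed .reg export (not captured from the sample). The Userinit,
# Run and Policies\Explorer\Run entries all point at install\server.exe.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\bob\\install\\server.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\Updater.exe\" /silent"
"Helper"="C:\\Users\\bob\\install\\server.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Helper"="C:\\Users\\bob\\install\\server.exe"
'''


def parse_reg(text):
    """Return {key: {value_name: string_value}} for the string values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) is None else m.group(1)
            keys[current][name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys


def command_exe(command):
    """Extract the executable path from a Run command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def persistence_findings(keys):
    """Return (key, value_name, path) triples for suspicious autostart entries."""
    findings = []
    winlogon = keys.get(WINLOGON_KEY, {})
    for name, default in WINLOGON_DEFAULTS.items():
        # Both values are comma-separated lists; anything beyond the default entry is foreign.
        for entry in winlogon.get(name, "").split(","):
            entry = entry.strip()
            if entry and entry.lower() != default:
                findings.append((WINLOGON_KEY, name, entry))
    for key, values in keys.items():
        if not RUN_KEY_RE.search(key):
            continue
        policy_key = key.lower().endswith("policies\\explorer\\run")
        for name, command in values.items():
            exe = command_exe(command)
            if policy_key or not exe.lower().startswith(TRUSTED_DIRS):
                findings.append((key, name, exe))
    return findings


if __name__ == "__main__":
    for key, name, path in persistence_findings(parse_reg(SAMPLE_REG)):
        print(f"{key}\n    {name} -> {path}")
```

The user-writable-location rule is a triage heuristic, not a verdict: legitimate per-user software also autostarts from the profile, so the output is a list of entries to verify (signer, creation time, parent installer), with the Winlogon and Policies\Explorer\Run findings the ones that almost never have a benign explanation.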