8General
-
Target
1f9621917578d1d5ec63c5b27bafd2fdf42f9af653d01419831be96436aa789e
-
Size
1.4MB
-
Sample
221123-wbt7qsed5t
-
MD5
b48d24342a72ae2cf0a0017adb513772
-
SHA1
e8d86fff879c9aad62768daf79a6ff2301881774
-
SHA256
1f9621917578d1d5ec63c5b27bafd2fdf42f9af653d01419831be96436aa789e
-
SHA512
df5c9d0cfb794d2a8fbac07b707abe33f69b68aa0d3429cf52b6ee226ad96b56dbd69ee80383964e59698c2d35bca62a4275eda04a8d091f4d8683f25a0d54b3
-
SSDEEP
24576:YVN5nd1qbdJ/wBOzJXQYo1unuuZTkpRL39saV2ZDgGYfE2syUN9T6spkG7vK62Iq:YVx1SYMzaYosnjZTW2gLxsyy9TLkGLCt
Static task
static1
Behavioral task
behavioral1
Sample
3.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
Autazo Anonimous.exe
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
Autazo Anonimous.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
AutoClick Shot-Sule-XD 2.0.exe
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
AutoClick Shot-Sule-XD 2.0.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
Autoclick CarlosHdz!.exe
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
Autoclick CarlosHdz!.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
Autoclick GreenSkull.exe
Resource
win7-20220812-en
Behavioral task
behavioral10
Sample
Autoclick GreenSkull.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral11
Sample
Autoclick Petuliano.exe
Resource
win7-20221111-en
Behavioral task
behavioral12
Sample
Autoclick Petuliano.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral13
Sample
Autoclick Upper-Z.exe
Resource
win7-20221111-en
Behavioral task
behavioral14
Sample
Autoclick Upper-Z.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral15
Sample
Autoclick VIP.exe
Resource
win7-20220812-en
Behavioral task
behavioral16
Sample
Autoclick VIP.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral17
Sample
Autoclick anonimous.exe
Resource
win7-20221111-en
Behavioral task
behavioral18
Sample
Autoclick anonimous.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral19
Sample
Autoclick elhuesos.exe
Resource
win7-20221111-en
Behavioral task
behavioral20
Sample
Autoclick elhuesos.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral21
Sample
Autoclick lefofo By !---Dani---!.exe
Resource
win7-20220812-en
Behavioral task
behavioral22
Sample
Autoclick lefofo By !---Dani---!.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral23
Sample
autoclick andrusero.exe
Resource
win7-20220812-en
Behavioral task
behavioral24
Sample
autoclick andrusero.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral25
Sample
trz6571.exe
Resource
win7-20221111-en
Behavioral task
behavioral26
Sample
trz6571.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral27
Sample
trz8522.exe
Resource
win7-20220812-en
Behavioral task
behavioral28
Sample
trz8522.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
cybergate
v1.07.5
victima
mayi100.zapto.org:82
3RPDD4J3LU7HW3
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
SyStem32
-
install_file
winzip.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
error framework '.net framework 4.0 client profile' not installed
-
message_box_title
Autoclick faller
-
password
smail
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
3.exe
-
Size
520KB
-
MD5
09194a529b091910a4760ac33a140b51
-
SHA1
beff469c9b35117ba8d2811cebf3ae0d6b06716e
-
SHA256
b9f99b155a2d19f8b6b5907356e61c3726c9023c2d1966f317dde11a73e865e3
-
SHA512
5d9ff30d5771f623417a7c3a3ca13cf1c7073c3caa23c290b6aaaf52b0e78fde5bcbdfdaa8d4a73e5f09759589c54b42c371a33e5c3a034e796bf650176725a1
-
SSDEEP
6144:4eHejf9m2IUHtWuL2/JPrwj9o+Q+/zDjIiI1Zzq:4I2Q2IUHp2/JwtQMkx1Z
Score 1/10 -
-
-
Target
Autazo Anonimous.exe
-
Size
85KB
-
MD5
44adfcba9ca769530cda441750cae418
-
SHA1
9cad4aeca13aea454717c8d02f55a1c05d6163ba
-
SHA256
268555d6fb4fc1d740cd99074fc3a53fcd32dc6a70fd01a52f857bb3b9bf34ba
-
SHA512
b7e5383ee247998e1ce7de0f35e5b2bd4d059f4f9efae836e48d5a999781999bddd083d69e04957c44e005e16649fcbe2d40057ac100ff7664ff904ba2091d32
-
SSDEEP
1536:RTN3eaIyaDHppDNNqXsYUcGVJzgDnX7SKVBYnRBu:l5YLpDNE1ZKJz8LSyBWu
Score 1/10 -
-
-
Target
AutoClick Shot-Sule-XD 2.0.exe
-
Size
48KB
-
MD5
d972a2a3405419af033bbd4af8848eeb
-
SHA1
31c9515be00071d256ad94654aedac10904257e3
-
SHA256
4a1750316604db67a3853510016caca6b662c55a6a82e8e08fbeb66463c0cff5
-
SHA512
e234318fe9622a8aebd230d1ec6365d768f2a705b2245a3ff9b733f01f06c0c4117a646e224b7aadfc2a9e0fb1ff43fcdd04ded12780f3135024fc7cdc57e4d8
-
SSDEEP
768:tRTpBBFpYKLmB7tohesAJyYMRmr+DEJTyqP17QGUAImGI9yI2XPVKkU:esmB7tzsPYMAroEMC1/UTIT2fckU
Score 1/10 -
-
-
Target
Autoclick CarlosHdz!.exe
-
Size
130KB
-
MD5
806f39fd4042410e18f803ddf250b9e4
-
SHA1
8aa6f0dd1eb8e8b17c8bced39e03f106bce8e5a4
-
SHA256
5bc83be43587d84d56bc981cc58aef0f740fae1f35ef24708ea2262f406351c0
-
SHA512
e46e2829f32d683102d91fa5315a892f154cde7fc4d3c604a5b73ff0e2a8889c2566ec79c758a2029147973d77607139de509a51172a0655fd434eff8cca4882
-
SSDEEP
3072:+Q5akSxmL/B5h/kxE1HAQcYfgjhUZ2ipx24hy:+QtwmL/B52gAQpfgjeZ2in
Score 1/10 -
-
-
Target
Autoclick GreenSkull.exe
-
Size
45KB
-
MD5
d0bc98ae25f8707fba3be06ebff9c046
-
SHA1
53da2d1e636f9bdc7f5ade085c9d032b4e1bddc9
-
SHA256
ed12e5482b90f22c07433553b604119dfca9b4b0930aac93b8de325dbfa2519a
-
SHA512
5ccd15d4a0ec712c4176a6b3404af97f793dfd29529a74d2072baf1007974e2b73b48127b2c554790bfe3103a314fd69c57f14539efabad3d517bc5b6ca45918
-
SSDEEP
768:4iGMGG8Q8KRFfz2IklgF7+WFai27E9nxzyyBcPClsH:4XYB84LvFMiwE59DBYiK
Score 1/10 -
-
-
Target
Autoclick Petuliano.exe
-
Size
96KB
-
MD5
3f98e162989edf51d351ebd9af2a553c
-
SHA1
85758aa41f15a178ae96cf76b32b85c62b5ade02
-
SHA256
b56395ba8c7499c2b0ee01d703f8c5294b36e5fa17ec7b1b0abbc6c63c957a7a
-
SHA512
48b968c2541f2c52f0d004f54a9f56f1a380d227711d76de84346bb8dbe878df43e0119da22fc6a633b20e14421b7236299cee29f77b83eeb846cb84452853db
-
SSDEEP
3072:fOSSj+UQCSuRV7Vr1PmiteKltdFDre1ece2zo:fOzLQLIV7tdmEeKltdFDre1b
Score 1/10 -
-
-
Target
Autoclick Upper-Z.exe
-
Size
82KB
-
MD5
72df3ad6be245419d90686084860329d
-
SHA1
5a9f14640906a10bcf1be5c9e7600324691a3331
-
SHA256
3016e757b24a341dd1e915b60f4c01f996527324487c2b0dd75b46ba7362c86b
-
SHA512
503d86fee5e724b27cb0d56cbbd9433acf06dd43a4f7261a9c5abbbc43da451fe794ce266420f09c0df77064b39b00dff1c88eeb369724823eb514cb51ab81d0
-
SSDEEP
768:m57JvxWatbNWbU0F0vp/U7FF0Jhfxsez/U9ke38BcPdnHexbtFZ7JvxWatbNWb:mftbWU0KhM70JhJsez8cBYdHybz/tbW
Score 1/10 -
-
-
Target
Autoclick VIP.exe
-
Size
60KB
-
MD5
f4c3c1337e50041b533b49831031369b
-
SHA1
2215b13e639d1212608e56703a9d17f7abf6b832
-
SHA256
b4b21c93472cfdd50c9062b5b837789d3abff12988a1bcf2fddec13b7af09998
-
SHA512
0ec0d2317883571d48cdee96e5472675f2a34cfcf9a983b3148a4ed074c0bbe963863fb43a267fd703d4a63b2a5900cb7c19ae6ddb7e368484a9623abef4a9ad
-
SSDEEP
1536:yssr+kLR87m4gvdjWMwK4Th1uJ6oRZkWAhJBYIlQ:rsakLRaEdjtwK4Th4J6uZOBlQ
Score 1/10 -
-
-
Target
Autoclick anonimous.exe
-
Size
61KB
-
MD5
ec2e0e1a8a1267d7fa1196ba26e6bd2c
-
SHA1
736319f7aed12b1a80aff000a63ab45a6f10b724
-
SHA256
0d8ceecae987762d6df34511858845567efb454fb5d5bb6d581572aff970e582
-
SHA512
296a3af3d6212ab4f9d230a5af18eb988bb7a125c5a2a1db52a0ef6ebf3911d7a018f43ca1d3c8964dffe424b9a98b210aa9c216d1d38fec992e07fd8f9bc58f
-
SSDEEP
1536:38u5ws7MaBJFpMybAdy23xUaXdfTBY+HVFQ:38u5galpFbALVtBJQ
Score 1/10 -
-
-
Target
Autoclick elhuesos.exe
-
Size
136KB
-
MD5
0c17f9a2a7a9389fe8dfae831028ce77
-
SHA1
52aa6c4714403997f7e2b6ef3a42603996bcfc44
-
SHA256
df2af990abd3be2486da630db4adf8ee020c1a9e9af2e86c5013a4d5a9112c32
-
SHA512
aea1a96980c82d9e5b01c22b49ebfdbe1128985792ce4d0abd1602ba9677bb6a6ebcfe635c6db9f274b38998c78a4dba7cd2d1bc29a8b40614be61055435e09d
-
SSDEEP
1536:nTN3eaIyaDHppMHbZwpD4AJXDt+xQ2zImbaDdZ1qQmNCLE2fzm1aOhG1taPrqBYB:T5YLpMHdwx4+JQODz11mtzA6qBpbz3s
Score 1/10 -
-
-
Target
Autoclick lefofo By !---Dani---!.exe
-
Size
68KB
-
MD5
2c4fc38abac0e13c8089919065e493a5
-
SHA1
b06a6a058b595dd8d1da0327879b0dba2a1d812d
-
SHA256
b1026ecd58902986463609e327f8fcef7cc9401e8b7bfe13d870692f6ce1f65e
-
SHA512
40f6d52136517c9f5b1bf9d9c891d0e435ba0c4f4dbdd2d3a4858fbf09bb03829a57057c9f81a42f7d0e7b08a43931516e9839533088657826ded054f7eb10ec
-
SSDEEP
1536:k1Rq96QjwyXfF0TLKrNO2lfScW9ZrMl40u:XblPFMqQGfSt1o40u
Score 1/10 -
-
-
Target
autoclick andrusero.exe
-
Size
71KB
-
MD5
98555d37d22d6ce77b6dac3f2b3408d4
-
SHA1
765ef6912cc790352e321ac42f1301f795dd301b
-
SHA256
b18ff7e7e02a02058dd332fc05a624fc1bcb3de14634c921b40615c272635bda
-
SHA512
c48e90ef65a9be9a05ee45990d2d5415f198263694927714389233b8e675a559d21320f53e7098dcdbdbf8a19e3d0a0d60dc21dedce0a6efa8e671fa9d78ff4e
-
SSDEEP
768:x27AaWM+MA+wLqfPGftHLFbm+XcGTmDgNNIuTTngBYwZ91AfLwo2XPwHHZdIc:x20c+MyHxhsGTmwgBYibAfLv2fOD
Score 1/10 -
-
-
Target
trz6571.tmp
-
Size
389KB
-
MD5
382d88e30ece53cce0046f1c26d6e4a5
-
SHA1
b583bafc20bc432ec0967e66ec496277ad75fd5d
-
SHA256
c9eccba716546375051f9c0e919b55875f158303baa508bf641690346a1af515
-
SHA512
483dd8c8cdb12096a65d9ee3c27ac97037d3e864b03082b4c18f5c6cefe5d2811adfba2a7643d9c3128093f22790823f3bc82d4b3f41b6f8e1683585976bd90f
-
SSDEEP
6144:b1dlZro5ycxfqg81E2nfzwG6D6cMYv+Izu50obEhajheQ6+sbG8ZxA01nAj5M:b1dlZo5yLRfV6lMW3zu50gEi41m01n3
Score 8/10 -
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry; this is likely a geofence check.
-
Loads dropped DLL
-
-
-
Target
trz8522.tmp
-
Size
308KB
-
MD5
d255a9cc1c1fa4a08e322543673bcb7e
-
SHA1
b3ea990c7f730eb61ff4ed87748b150e34dbc76c
-
SHA256
2f28791775bba1d9481563d8c40c9665298a9aa06fccef01eae63f27eb2cb926
-
SHA512
a84b58693e1d5fe4e9d734b058c965a0bd1b0e64894c7dc301929eff31001fd39d31e0ee8d39e31122cf4e6b45def9ea38c5a1535c691fc6a53ceec86fcf1bd7
-
SSDEEP
6144:ikIZp16d70R3eArX76KRoGOAGw1nYCAtIRJNTu+SnumvMS1leV6EITBsllw:ikLdgR3e2GKKGOsUI0+VS10VCal
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-