General
-
Target
ad81fe719d1d44cd45a5dd752e17a84dac9b76cd0f7e85475050aaad06e5995d
-
Size
330KB
-
Sample
221125-h3wyradh4y
-
MD5
d13c21bb46529522077309b00e37e050
-
SHA1
ace1a006e32d31fa6e42210b50255a18d5d3b48f
-
SHA256
ad81fe719d1d44cd45a5dd752e17a84dac9b76cd0f7e85475050aaad06e5995d
-
SHA512
7fc46fe9b76fd644317331114734cb748b002c318bef6fa3db06a4684b4d90d3e62d79f2e2de063ef207b63946f4fe7ae26e7fed03314f3e238fff0a15083da4
-
SSDEEP
6144:5esrD298Jl9kYDEtgCt/eY0eXqB9E9CbAZ7Dx5hEAEVhT9fu4GebL:wEDquk7tgCReXeIaCbAZ7DVg5mPef
Static task
static1
Behavioral task
behavioral1
Sample
ad81fe719d1d44cd45a5dd752e17a84dac9b76cd0f7e85475050aaad06e5995d.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ad81fe719d1d44cd45a5dd752e17a84dac9b76cd0f7e85475050aaad06e5995d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
-
Family
cybergate
-
Version
2.6
-
Botnet
ÖÍíÉ (campaign ID as the report renders it; the same bytes, D6 CD ED C9, read as Windows-1256 are Arabic ضحية, "victim")
-
C2
127.0.0.1:288 (loopback entry left in by the builder, not a reachable controller)
hasoon999000.no-ip.info:288 (dynamic-DNS host; the usable C2 indicator)
-
Mutex
***MUTEX*** (CyberGate's default mutex name, unchanged by the operator)
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
svchost.exe
-
install_dir
windows
-
install_file
windows.exe
-
install_flag
true
-
keylogger_enable_ftp
false (keystroke logs are kept locally and not pushed to ftp_directory, even though the FTP fields are populated)
-
message_box_caption
texto da mensagem (Portuguese builder placeholder: "message text"; unused, since enable_message_box is false)
-
message_box_title
título da mensagem (Portuguese builder placeholder: "message title"; unused for the same reason)
-
password
abcd1234 (CyberGate's default connection password)
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
Target
ad81fe719d1d44cd45a5dd752e17a84dac9b76cd0f7e85475050aaad06e5995d
-
Adds policy Run key to start application (Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run)
-
Executes dropped EXE (the install_file windows.exe written under install_dir)
-
Modifies Installed Components in the registry (Active Setup, HKLM\Software\Microsoft\Active Setup\Installed Components; a StubPath there runs once per user at logon)
-
Loads dropped DLL
-
Adds Run key to start application (Software\Microsoft\Windows\CurrentVersion\Run under regkey_hkcu / regkey_hklm)
-
Suspicious use of SetThreadContext (consistent with injected_process = svchost.exe: a suspended copy is started and its thread context rewritten, i.e. process hollowing)
-
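The extracted config and the signature list above translate directly into host-side hunt logic. The following script is an added example, not part of the sandbox report or of any analysis tooling: it turns the page's indicators (the no-ip C2 host and port, the windows\windows.exe drop path, the three registry persistence locations, the svchost.exe hollowing target) into checks run over Sysmon-style events. The event records are constructed for illustration, and the C:\Windows base directory for install_dir is an assumption the page does not state, which is why the drop path is matched on its tail only.

```python
"""Hunt for this sample's persistence and C2 artefacts in Sysmon-style events.

Added example, not part of the sandbox report. The indicators come from the
extracted config and the signature list on this page; the event records are
constructed for illustration and follow the field names of Sysmon event IDs
1 (process create), 3 (network connect), 11 (file create), 13 (registry value
set) and 22 (DNS query).
"""
import re

# Indicators copied from the extracted config above.
CONFIG = {
    # 127.0.0.1 is loopback and is left out: it cannot be hunted on the wire.
    "c2_hosts": {"hasoon999000.no-ip.info"},
    "c2_port": 288,
    "install_dir": "windows",
    "install_file": "windows.exe",
    "injected_process": "svchost.exe",
}

# The page does not say which base directory install_dir lives under, so the
# dropped binary is matched on its trailing "<install_dir>\<install_file>" only
# (assumption). The lookahead stops "windows.exe" matching "windows.exe.bak".
DROP_PATH_RE = re.compile(
    r"\\" + re.escape(CONFIG["install_dir"]) + r"\\" + re.escape(CONFIG["install_file"])
    + r"(?![\w.])",
    re.IGNORECASE,
)

# Registry paths behind the report's three persistence signatures: the Run key,
# the policy Run key and Active Setup "Installed Components". No hive prefix is
# matched because Sysmon logs per-user hives as HKU\<SID>\..., not HKCU\...
PERSISTENCE_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\(?:"
    r"Windows\\CurrentVersion\\Run\\"
    r"|Windows\\CurrentVersion\\Policies\\Explorer\\Run\\"
    r"|Active Setup\\Installed Components\\)",
    re.IGNORECASE,
)


def check_event(ev):
    """Return (category, detail) if one event matches an indicator, else None."""
    eid = ev["EventID"]
    if eid == 11 and DROP_PATH_RE.search(ev["TargetFilename"]):
        return ("dropped_exe", ev["TargetFilename"])
    if (eid == 13 and PERSISTENCE_KEY_RE.search(ev["TargetObject"])
            and DROP_PATH_RE.search(ev.get("Details", ""))):
        # A Run/Active Setup value is only interesting when it points at the implant;
        # legitimate software writes these keys all the time.
        return ("persistence", ev["TargetObject"])
    if (eid == 1 and ev["Image"].lower().endswith("\\" + CONFIG["injected_process"])
            and DROP_PATH_RE.search(ev.get("ParentImage", ""))):
        # svchost.exe is normally a child of services.exe. A copy parented by the
        # implant is the hollowing target behind the SetThreadContext signature.
        return ("injection_target", ev["ParentImage"] + " -> " + ev["Image"])
    if eid == 22 and ev["QueryName"].lower() in CONFIG["c2_hosts"]:
        return ("c2_dns", ev["QueryName"])
    if eid == 3 and (ev.get("DestinationHostname", "").lower() in CONFIG["c2_hosts"]
                     or ev.get("DestinationPort") == CONFIG["c2_port"]):
        # Port alone is a weak signal (the operator can rebuild with another port);
        # the hostname is the stronger of the two.
        return ("c2_connect", f"{ev.get('DestinationHostname')}:{ev.get('DestinationPort')}")
    return None


def hunt(events):
    """Run check_event over an event stream and return the findings in order."""
    return [f for f in map(check_event, events) if f is not None]


# Constructed events: a hypothetical infection followed by benign noise. The
# C:\Windows base directory is an assumption (see DROP_PATH_RE).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Windows\windows\windows.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies",
     "Details": r"C:\Windows\windows\windows.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}\StubPath",
     "Details": r"C:\Windows\windows\windows.exe restart"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\windows\windows.exe"},
    {"EventID": 22, "Image": r"C:\Windows\windows\windows.exe",
     "QueryName": "hasoon999000.no-ip.info"},
    {"EventID": 3, "Image": r"C:\Windows\windows\windows.exe",
     "DestinationHostname": "hasoon999000.no-ip.info", "DestinationPort": 288},
    # Benign: the normal svchost parent, a legitimate Run value, ordinary browsing.
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for category, detail in hunt(SAMPLE_EVENTS):
        print(f"{category:17} {detail}")
```

Run against the constructed stream it reports six findings (the dropped file, both persistence writes, the hollowed svchost.exe, the DNS lookup and the port-288 connection) and ignores the three benign events. Two caveats worth keeping in mind when adapting it: the no-ip hostname is operator-controlled dynamic DNS and may resolve to a different address at any time, so match on the name rather than a resolved IP; and since the mutex, password and message-box strings in this config are all builder defaults, they do not distinguish this operator from any other CyberGate 2.6 user, whereas the hostname and the install_dir/install_file pair do.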