General

Target: c07c0ff42073d5568e8bc07ab0ead445779c9f11b86f6b87ad2a849790a83ded
Size: 477KB
Sample: 221127-t1c9eabg49
MD5: 0a439518508b71a31e998795f18f295b
SHA1: 563284a57eb6cd232ab48e87f9a939c92c787092
SHA256: c07c0ff42073d5568e8bc07ab0ead445779c9f11b86f6b87ad2a849790a83ded
SHA512: 9ab7179dc6b636b1b0a753e31160e14dac488c2a53c50c19207dc6d869f0d661119b6bbfa8b0a9a522aa8f7869bea0a5a7e1cb5b10efeabad36123a9dd25fb1b
SSDEEP: 12288:uSWoLbZA5VA34r6i8V0TxgkY5vpXxR8nJOf0bM+FBE8YSTKNfXj:uSWckVAIv8V0KzlP2wc5jIfz
Static task: static1
Behavioral task: behavioral1
Sample: c07c0ff42073d5568e8bc07ab0ead445779c9f11b86f6b87ad2a849790a83ded.exe
Resource: win7-20221111-en
Malware Config

Extracted: cybergate
v1.18.0 - Crack Version
remote: takutaku.no-ip.biz:3002
2T662FOSL4A557
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: false
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: nevermind
Targets

Target: c07c0ff42073d5568e8bc07ab0ead445779c9f11b86f6b87ad2a849790a83ded
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext