General
Target: 4052d14c3a9c6e9850fcd8744735e4cc7acbecf7b38fadc9144c420f9f60992a
Size: 331KB
Sample: 221127-v39k3aac9t
MD5: f3cb011cd2a4034f2531cee08e63156b
SHA1: 6f78b8113a42fa10109c481c599aee80ec0c0323
SHA256: 4052d14c3a9c6e9850fcd8744735e4cc7acbecf7b38fadc9144c420f9f60992a
SHA512: 32a5e17c05273794a9fc2661eddfeed8149101757ff76e357d70fd959a741d41b4c94c06fce48a0566fe337be5b0a0cbf22eb3b89c65bc520cfefcd66c0c002a
SSDEEP: 6144:lxHa4c7+eEwzJBZVPd27pGNl/HW9CMLJvdmRRb06rQTmGW2vXnMl3IHS7NKumUZd:jaPR/29CMlURRIUQTmmvXMl3IKwUT
Static task: static1
Behavioral task: behavioral1
Sample: 4052d14c3a9c6e9850fcd8744735e4cc7acbecf7b38fadc9144c420f9f60992a.exe
Resource: win7-20220901-en
Malware Config (Extracted)
Family: cybergate
Version: 2.6
Botnet: panda
C2: baglanhayada.com:106
Mutex: LFO701A1756D
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: K_yuvbhyucab.exe
install_file: K_yuvbhyucab.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Run Time Failed.!
message_box_title: Error
password: lasatsa
regkey_hkcu: K_yuvbhyucab
Targets
Target: 4052d14c3a9c6e9850fcd8744735e4cc7acbecf7b38fadc9144c420f9f60992a
Size: 331KB
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext