General
-
Target
59b77f7e81d48062cd9e24cd839f820ea253662f7b3eb5198d96c31e34f72e65
-
Size
355KB
-
Sample
221128-dw8lrabc72
-
MD5
b1bc0307f3c94ca31ece1a623602eca9
-
SHA1
026cbf99590f17e2e14bb56dded0dd3c32cbdb2c
-
SHA256
59b77f7e81d48062cd9e24cd839f820ea253662f7b3eb5198d96c31e34f72e65
-
SHA512
c73b95cf6d88eb8d4d514c6ad822065ca09190385df1609c2560e379a20f359ea4b12a25fcdc4ea6fd5004bcf2daaa7651f87f60a726c82e8c8693d9f3836af9
-
SSDEEP
6144:cASg70AAidDr7vOw61DQLlEvMUcc3YYOiqV9YKbhwtXSzFm8DMLb:cAS3SrmQL2EBVpV+gWWFm8DMLb
Static task
static1
Behavioral task
behavioral1
Sample
59b77f7e81d48062cd9e24cd839f820ea253662f7b3eb5198d96c31e34f72e65.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
59b77f7e81d48062cd9e24cd839f820ea253662f7b3eb5198d96c31e34f72e65.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
cybergate
2.6
vítima
denemeolur1.no-ip.org:81
asdqwe54
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
drivers
-
install_file
servces.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
-
regkey_hkcu
driv
-
regkey_hklm
driv
Targets
-
-
Target
59b77f7e81d48062cd9e24cd839f820ea253662f7b3eb5198d96c31e34f72e65
-
Size
355KB
-
MD5
b1bc0307f3c94ca31ece1a623602eca9
-
SHA1
026cbf99590f17e2e14bb56dded0dd3c32cbdb2c
-
SHA256
59b77f7e81d48062cd9e24cd839f820ea253662f7b3eb5198d96c31e34f72e65
-
SHA512
c73b95cf6d88eb8d4d514c6ad822065ca09190385df1609c2560e379a20f359ea4b12a25fcdc4ea6fd5004bcf2daaa7651f87f60a726c82e8c8693d9f3836af9
-
SSDEEP
6144:cASg70AAidDr7vOw61DQLlEvMUcc3YYOiqV9YKbhwtXSzFm8DMLb:cAS3SrmQL2EBVpV+gWWFm8DMLb
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-