General
Target: 85011d60e6cd542ffa8409047043e016e12ac1035279e9ff5af6936fe38dccad
Size: 290KB
Sample: 221128-sgsz3scc68
MD5: 536880fd4727b38e3af4d99d455529f1
SHA1: ea2332ed68549548ae0179d83e5bed12bf53b09e
SHA256: 85011d60e6cd542ffa8409047043e016e12ac1035279e9ff5af6936fe38dccad
SHA512: 59d4b1e768422ee9cb1f4715f064c0a9c05d862a07f0fcd52753ec3e89b32bd5ebc101d1d288271e3b6845895ee834a82988042f1bd1a5c3784ce6ee9a2cca7c
SSDEEP: 6144:4mcD66RRjn5JGmrpQsK3RD2u270jupCJsCxCW:RcD663WZ2zkPaCxz
Behavioral task: behavioral1
Sample: 85011d60e6cd542ffa8409047043e016e12ac1035279e9ff5af6936fe38dccad.exe
Resource: win7-20221111-en
Malware Config
Extracted
cybergate
2.6
DeepAA
myvpn.duia.pw:82
U-IF06UNRW
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_file: svchosth.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Bilgisayarýnýzdaki bütün virüsler baþarýyla silindi
message_box_title: Bilgi:
password: 19031994
regkey_hkcu: Ýntel(R) Common User Interfacer
regkey_hklm: Ýntel(R) Common User Interfaces
Targets
Target: 85011d60e6cd542ffa8409047043e016e12ac1035279e9ff5af6936fe38dccad
Size: 290KB
MD5: 536880fd4727b38e3af4d99d455529f1
SHA1: ea2332ed68549548ae0179d83e5bed12bf53b09e
SHA256: 85011d60e6cd542ffa8409047043e016e12ac1035279e9ff5af6936fe38dccad
SHA512: 59d4b1e768422ee9cb1f4715f064c0a9c05d862a07f0fcd52753ec3e89b32bd5ebc101d1d288271e3b6845895ee834a82988042f1bd1a5c3784ce6ee9a2cca7c
SSDEEP: 6144:4mcD66RRjn5JGmrpQsK3RD2u270jupCJsCxCW:RcD663WZ2zkPaCxz
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory