General
-
Target
8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7
-
Size
177KB
-
Sample
221130-mf75qabh36
-
MD5
ba97763ef9562d99b096c79a50744a0f
-
SHA1
0acfd485ffb71e1c1d34ca539b4b0b694c8c3c00
-
SHA256
8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7
-
SHA512
9444de046edebbe1b1187dd4aa0b598a548d45d8498eb5bde7d6fe7543b8d2733df87236ab7c6af93f28f0fbb4d8bd68ef47682465980d091c1b53c34bde637c
-
SSDEEP
3072:PATpuydVEOyqGnlqxIl4ZgBKhdOhbYCkW7E/Zuuke0Ey:POpslFlqbhdBCkWYxuukx
Behavioral task
behavioral1
Sample
8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
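Family: cybergate
Version: v1.07.5
Dylan (field label lost in extraction; presumably the operator-set botnet/campaign identifier)
C2: dyland.no-ip.biz:82
6V3A2A2JL2BQN1 (field label lost in extraction; presumably the mutex name)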
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7
-
Size
177KB
-
MD5
ba97763ef9562d99b096c79a50744a0f
-
SHA1
0acfd485ffb71e1c1d34ca539b4b0b694c8c3c00
-
SHA256
8f75c8b3c86a43a1c24c0ddd7232bcfbb34bdc0a4081567bc001df0369b428b7
-
SHA512
9444de046edebbe1b1187dd4aa0b598a548d45d8498eb5bde7d6fe7543b8d2733df87236ab7c6af93f28f0fbb4d8bd68ef47682465980d091c1b53c34bde637c
-
SSDEEP
3072:PATpuydVEOyqGnlqxIl4ZgBKhdOhbYCkW7E/Zuuke0Ey:POpslFlqbhdBCkWYxuukx
Score
1/10