General
-
Target
117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833
-
Size
22.0MB
-
Sample
221201-gry4asba48
-
MD5
6573e78244159f87aa58d6c744037738
-
SHA1
4c616f4396630364a17364a1b08ec37a03b97691
-
SHA256
117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833
-
SHA512
576805c66e717d622bc368e7103df9d151ca1a528ba99e142dcf7d99eea74c45090925c7cb80889c03abfd9cf851d108cb677c82006b763b88681d10ada8ad16
-
SSDEEP
12288:4d4EXG0jqGja7xZAk9GNy3Gcxaj4cY5snYT/KQxbeqXfvGISQpP:4dfDOGcXuy3GH0d6ILmRw
Static task
static1
Behavioral task
behavioral1
Sample
117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833.exe
Resource
win7-20221111-en
Malware Config
Extracted
cybergate
v3.4.2.2
abc
mediaserver32.hopto.org:1050
DT77JONX5RBIUG
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
MSMedia
-
install_file
nvcsvc.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
mypass
-
regkey_hkcu
MediaHD
Targets
-
-
Target
117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833
-
Size
22.0MB
-
MD5
6573e78244159f87aa58d6c744037738
-
SHA1
4c616f4396630364a17364a1b08ec37a03b97691
-
SHA256
117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833
-
SHA512
576805c66e717d622bc368e7103df9d151ca1a528ba99e142dcf7d99eea74c45090925c7cb80889c03abfd9cf851d108cb677c82006b763b88681d10ada8ad16
-
SSDEEP
12288:4d4EXG0jqGja7xZAk9GNy3Gcxaj4cY5snYT/KQxbeqXfvGISQpP:4dfDOGcXuy3GH0d6ILmRw
-
Drops startup file (a file written to a Startup folder is launched at user logon, so this is a persistence indicator)
-
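Uses the VBS compiler for execution (this signature usually refers to the .NET Visual Basic compiler, vbc.exe, rather than VBScript; confirm against the process tree)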
-
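Suspicious use of SetThreadContext (rewriting another thread's register context is a common step in process injection; the extracted config above also lists an injected_process value)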
-