General
Target: ec22cb3ef7f6950fc69fb6f953c5419aa46063f7f99ce149a7af79f5e470b7eb
Size: 452KB
Sample: 221204-pp8hysdc9w
MD5: 121c5efe1422bad203e907e8a44b0e20
SHA1: 84638ef5445ac901628e3733e9bea075180d40da
SHA256: ec22cb3ef7f6950fc69fb6f953c5419aa46063f7f99ce149a7af79f5e470b7eb
SHA512: 47e99d384b856cfa448544aa8b5943841f0f13fe0d122aa7c8f27488d71a551b8d5ade25d0cf25b49a089cc183e9f5f4ef080e5488f0e8bc03b64dc26649658b
SSDEEP: 12288:jDGRaAAAAAAAAAAAAACAAAAAw4E/sdYMpCNeL5Jp0OxmxKFSvgiPH:jS8AAAAAAAAAAAAACAAAAAw4EEdrpC0i
Static task: static1
Behavioral task: behavioral1
Sample: ec22cb3ef7f6950fc69fb6f953c5419aa46063f7f99ce149a7af79f5e470b7eb.exe
Resource: win7-20220812-en
Malware Config
Extracted
cybergate
2.6
Victima
dfrreaccountsnew.no-ip.org:3012
***xMUTEx***
enable_keylogger: false
enable_message_box: true
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: Uninstall
install_file: root
install_flag: true
keylogger_enable_ftp: false
message_box_caption: dll.start
message_box_title: Expired program
password: anonymous
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
Target: ec22cb3ef7f6950fc69fb6f953c5419aa46063f7f99ce149a7af79f5e470b7eb
Size: 452KB
MD5: 121c5efe1422bad203e907e8a44b0e20
SHA1: 84638ef5445ac901628e3733e9bea075180d40da
SHA256: ec22cb3ef7f6950fc69fb6f953c5419aa46063f7f99ce149a7af79f5e470b7eb
SHA512: 47e99d384b856cfa448544aa8b5943841f0f13fe0d122aa7c8f27488d71a551b8d5ade25d0cf25b49a089cc183e9f5f4ef080e5488f0e8bc03b64dc26649658b
SSDEEP: 12288:jDGRaAAAAAAAAAAAAACAAAAAw4E/sdYMpCNeL5Jp0OxmxKFSvgiPH:jS8AAAAAAAAAAAAACAAAAAw4EEdrpC0i
Signatures:
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Program crash
- Drops file in System32 directory
- Suspicious use of SetThreadContext