General

Target: 9465f58dfcbb048fc5f630cbe62c7d4aa7929177819b7260c21985bd82aa3e6b
Size: 584KB
Sample: 221205-a187asah22
MD5: 41456a74bd8c4e5742aaa20154bb943e
SHA1: 222267b37ba08e01c4f9b7de245bec6566da2ded
SHA256: 9465f58dfcbb048fc5f630cbe62c7d4aa7929177819b7260c21985bd82aa3e6b
SHA512: 837607d9f43f34295c7fdaad24290e03dbc972a5d361da5a8b0dbb6e420038ce42da94c91664deb7c8b37bf09b158d0117d1751bbe2dd8f634cc612a412dc4ab
SSDEEP: 12288:HlOcwdthUEA4XIdByJcqSOl3S8ks/S6a/BdwYNey8:HlSdXT+dBehF3X1S6ufYX
Static task: static1
Behavioral task: behavioral1
  Sample: 9465f58dfcbb048fc5f630cbe62c7d4aa7929177819b7260c21985bd82aa3e6b.exe
  Resource: win7-20221111-en
Malware Config

Extracted
Family: cybergate
Version: v1.01.17
C2: streppone.no-ip.biz:1640
Identifier strings (campaign ID and mutex slots, in report order): Microsoft, CyberGate1

enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: Windows-Explorer
install_dir: Windows-Explorer
install_file: Windows-Explorer
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: 123456

Notes on the extracted config: the C2 is a dynamic-DNS hostname (no-ip.biz) on TCP port 1640, so block and alert on the hostname rather than on whatever IP it resolved to during analysis. install_flag is true and install_dir and install_file are both "Windows-Explorer", so the implant copies itself to a folder and file of that name. The keylogger is enabled, but keylogger_enable_ftp is false, so ftp_directory and ftp_interval are unused and captured keystrokes are kept locally rather than uploaded. enable_message_box is false, so the message_box_caption and message_box_title strings are never shown to the victim. The trivial connection password 123456 is what the implant presents to the controller.
Targets

Target: 9465f58dfcbb048fc5f630cbe62c7d4aa7929177819b7260c21985bd82aa3e6b
Signatures (behavioral1):
- Adds policy Run key to start application: a logon-persistence value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, one of the two persistence locations CyberGate uses.
- Modifies Installed Components in the registry: a StubPath value under Software\Microsoft\Active Setup\Installed Components, executed once per user profile at logon.
- Suspicious use of SetThreadContext: consistent with the injected_process setting above; the implant starts a process and redirects its main thread (process hollowing / thread-context injection) instead of running only from its own image.
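The following is an added example, not code from the sandbox report or from the CyberGate project. It scans a Windows registry export (.reg text) for the two persistence locations the signatures above refer to, the Policies\Explorer\Run key and Active Setup "Installed Components" StubPath values, and checks a file's hashes against the report's MD5/SHA1/SHA256. The SAMPLE_REG lines, the second GUID, the value name "Policies" and the install paths are constructed for the demo from install_dir/install_file; the report does not state the sample's actual drop path, and the KNOWN_STUBS allowlist is an assumption to extend from a clean baseline.

```python
"""Added example (not code from the sandbox report): find CyberGate-style
persistence entries in a .reg export and verify a sample's hashes.
SAMPLE_REG, the second GUID and the install paths are constructed for the
demo (assumption); the report does not state the real drop path."""
import hashlib
import re
from typing import Dict, List, Tuple

# Hashes copied from the report, used to confirm a local copy is the same file.
EXPECTED = {
    "md5": "41456a74bd8c4e5742aaa20154bb943e",
    "sha1": "222267b37ba08e01c4f9b7de245bec6566da2ded",
    "sha256": "9465f58dfcbb048fc5f630cbe62c7d4aa7929177819b7260c21985bd82aa3e6b",
}

# Executables that legitimately appear in Active Setup StubPath values on a
# stock Windows install. Demo allowlist (assumption); extend from a clean baseline.
KNOWN_STUBS = {"regsvr32.exe", "rundll32.exe", "ie4uinit.exe", "unregmp2.exe"}

VALUE_LINE = re.compile(r'^"?(?P<name>[^"=]+)"?=(?:"(?P<data>.*)"|(?P<raw>.+))$')

# Constructed .reg export: one stock Active Setup entry, one hypothetical entry
# and one Policies\Explorer\Run value modelled on install_dir/install_file above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"StubPath"="regsvr32.exe /s /n /i:U shell32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Windows\\system32\\Windows-Explorer\\Windows-Explorer.exe Restart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"="C:\\Windows\\system32\\Windows-Explorer\\Windows-Explorer.exe"
'''


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of a byte string as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def matches_report(data: bytes) -> bool:
    """True only if every hash matches the report; one mismatch means a different file."""
    return hash_bytes(data) == EXPECTED


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}} for string values in .reg text.
    .reg doubles backslashes inside REG_SZ data, so they are unescaped here."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or line.startswith(";"):
            continue
        m = VALUE_LINE.match(line)
        if m:
            data = m.group("data") if m.group("data") is not None else m.group("raw")
            keys[current][m.group("name")] = data.replace("\\\\", "\\")
    return keys


def stub_executable(cmdline: str) -> str:
    """Lower-case executable file name from a StubPath/Run command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    exe = (m.group(1) or m.group(2)) if m else cmdline
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_persistence(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (rule, key, value_name, data) for suspicious persistence entries."""
    hits = []
    for key, values in keys.items():
        k = key.lower()
        if k.endswith("\\policies\\explorer\\run"):
            # Policy-managed Run key: ordinary installers never write here,
            # so every value is reported for the analyst to triage.
            for name, data in values.items():
                hits.append(("policy_run", key, name, data))
        elif "\\active setup\\installed components\\" in k:
            stub = values.get("StubPath")
            if stub and stub_executable(stub) not in KNOWN_STUBS:
                hits.append(("active_setup", key, "StubPath", stub))
    return hits


if __name__ == "__main__":
    for rule, key, name, data in find_persistence(parse_reg_export(SAMPLE_REG)):
        print(f"{rule}: [{key}] {name} = {data}")
```

On a live host, export the two hives with `reg export` and feed the text to parse_reg_export; the stock Windows Desktop Update entry is allowlisted by its stub executable, while the two constructed CyberGate-style entries are reported. Compare a suspect file with matches_report(open(path, "rb").read()) before spending time on it.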