General
-
Target
8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb
-
Size
373KB
-
Sample
221206-ldhllsgg7z
-
MD5
d8fd6a57e90f03f54798a4715d3b3a09
-
SHA1
983f2549f923785375e16f83108fcfc6bec83ea4
-
SHA256
8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb
-
SHA512
eda487e6508200cf779f3318b68a75266fecef357ae51f3cee678a4a320391df0b1bd52652fda29a5bfc4d92b7322b4650eed97d754f308239eb545c814df948
-
SSDEEP
6144:Drbic2EgMIZd46ye8I/jq62TaMNysfCiWthDRoQu/ok6Qq6Ho2oZqdYV:D/icxgpyeFET6sfCXfRo3QbQhHw
Static task
static1
Behavioral task
behavioral1
Sample
8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
cybergate
v1.13.1
Bot
hexrut.sytes.net:82
D307U5NIDDI0T2
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
system32
-
install_file
igfxpers.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
890527q
-
regkey_hkcu
Persistence
-
regkey_hklm
Persistence
Targets
-
-
Target
8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb
-
Size
373KB
-
MD5
d8fd6a57e90f03f54798a4715d3b3a09
-
SHA1
983f2549f923785375e16f83108fcfc6bec83ea4
-
SHA256
8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb
-
SHA512
eda487e6508200cf779f3318b68a75266fecef357ae51f3cee678a4a320391df0b1bd52652fda29a5bfc4d92b7322b4650eed97d754f308239eb545c814df948
-
SSDEEP
6144:Drbic2EgMIZd46ye8I/jq62TaMNysfCiWthDRoQu/ok6Qq6Ho2oZqdYV:D/icxgpyeFET6sfCXfRo3QbQhHw
-