General
Target: ce49666457515616f7b7f1a33e6c759c32122c2b0bb666c1042a7494d576123f
Size: 907KB
Sample: 230129-g15mfada4y
MD5: 3a4d7f1f03f534519318ffe5ac0a0bce
SHA1: 14d751d1159da5e57dabd92f0939717deda89a29
SHA256: ce49666457515616f7b7f1a33e6c759c32122c2b0bb666c1042a7494d576123f
SHA512: 1a33f8e9454d7b499cbdc1a77202db649a949fd91c9b31685a41ad81d984c15e1792b124549f5a4cff6ffed3ec62370a744b3dbe32704382e07b1c12241de157
SSDEEP: 24576:YKwQrsiK3Sr0ckHCb2YXPbX/SLTPvgxT3:YKl83VckHyPb6L0x
Static task: static1
Behavioral task: behavioral1
Sample: ce49666457515616f7b7f1a33e6c759c32122c2b0bb666c1042a7494d576123f.exe
Resource: win7-20220812-en
Malware Config
Extracted
cybergate
2.6
hack
127.0.0.1:85
qiqi.no-ip.info:85
***MUTEX***
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
Target: ce49666457515616f7b7f1a33e6c759c32122c2b0bb666c1042a7494d576123f
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext