General
-
Target
ba30cf259f6212a8b1e1ef6f7c71c7be53ede3a80c9d6a423237bc0c4e224d2b
-
Size
500KB
-
Sample
230129-k1tfysab5v
-
MD5
2beeb28066bebbc7413c177a95423b6e
-
SHA1
ab487604abc06e9e313156986e262c4ca0705d82
-
SHA256
ba30cf259f6212a8b1e1ef6f7c71c7be53ede3a80c9d6a423237bc0c4e224d2b
-
SHA512
b581db7b9ef6114d6ad89f533a0c87bc519c115c932caab04314d9bee6ffd7402519ef09bc4e8d54fcee2198c3eb466cdc86d5ad96d6867f71283ff4b9b8de61
-
SSDEEP
12288:UF5nN3kwcpKk3atHKjs6yhg68U6Uu9eN:UF5N31lgjsx/B6
Static task
static1
Behavioral task
behavioral1
Sample
ba30cf259f6212a8b1e1ef6f7c71c7be53ede3a80c9d6a423237bc0c4e224d2b.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ba30cf259f6212a8b1e1ef6f7c71c7be53ede3a80c9d6a423237bc0c4e224d2b.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
cybergate
v1.05.1
System
rambler.3utilities.com:25000
M80U2O834D5551
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
WinRAR
-
install_file
WinRARExt.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
priv
-
regkey_hkcu
WinRARn
-
regkey_hklm
WinRARn
Targets
-
-
Target
ba30cf259f6212a8b1e1ef6f7c71c7be53ede3a80c9d6a423237bc0c4e224d2b
-
Size
500KB
-
MD5
2beeb28066bebbc7413c177a95423b6e
-
SHA1
ab487604abc06e9e313156986e262c4ca0705d82
-
SHA256
ba30cf259f6212a8b1e1ef6f7c71c7be53ede3a80c9d6a423237bc0c4e224d2b
-
SHA512
b581db7b9ef6114d6ad89f533a0c87bc519c115c932caab04314d9bee6ffd7402519ef09bc4e8d54fcee2198c3eb466cdc86d5ad96d6867f71283ff4b9b8de61
-
SSDEEP
12288:UF5nN3kwcpKk3atHKjs6yhg68U6Uu9eN:UF5N31lgjsx/B6
-
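Adds policy Run key to start application (registry persistence: an entry under the Explorer policies Run key makes the program launch at logon)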
-
Executes dropped EXE
-
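Modifies Installed Components in the registry (Active Setup "Installed Components" entries run a command at user logon, so changes here can serve as persistence)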
-
Loads dropped DLL
-
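Adds Run key to start application (registry persistence; the extracted config lists WinRARn under both regkey_hkcu and regkey_hklm, which is likely the value name to look for)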
-
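Suspicious use of SetThreadContext (this API is commonly associated with process injection; the extracted config names explorer.exe as injected_process)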
-