General
Target: b31b0e51438a2c2b501ad090edd78ad17a914d310843c551ce2a80d8a6297f69
Size: 1.0MB
Sample: 230129-lyqgysac42
MD5: 2a7463a6a8c0d8070bba46d64d7bf510
SHA1: 42ca122e7cd13cfc9b92ac21bdaceb2bd907472a
SHA256: b31b0e51438a2c2b501ad090edd78ad17a914d310843c551ce2a80d8a6297f69
SHA512: e033750b7308cd084946ad842eba236d95b6c485958e82490d1a71ea164a605f6c57f001f8992daf2fe9f2286b8661599d8962b6c681ff76577729d754c034f5
SSDEEP: 12288:TdBxXYib/OGpEhmnH5rfC3oVMM8rUG2fSOfF9TH8JqxpwKcIQUdZ9xxVPC:JXXYib/+4JfCoorU17ffTHEqHwzrUzfC
Static task: static1
Behavioral task: behavioral1
  Sample: b31b0e51438a2c2b501ad090edd78ad17a914d310843c551ce2a80d8a6297f69.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: b31b0e51438a2c2b501ad090edd78ad17a914d310843c551ce2a80d8a6297f69.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
cybergate
2.7 Final
Victima
  192.168.0.17:84
  192.168.0.1:84
  85.137.57.212:84
  192.168.0.10:84
  192.168.0.22:84
  62.42.230.24, 62.42.63.52:84
  62.42.63.52:84
  62.42.230.24:84
***MUTEX***
enable_keylogger: true
enable_message_box: true
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: explores.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Consulte con Megal 24
message_box_title: Error 404
password: 101010
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
Target: b31b0e51438a2c2b501ad090edd78ad17a914d310843c551ce2a80d8a6297f69 (size and hashes as listed under General above)
Signatures:
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext