General
Target: a2518fe8aac4f44ce61e20efb5f381bd
Size: 342KB
Sample: 231227-efxpzsbcf4
MD5: a2518fe8aac4f44ce61e20efb5f381bd
SHA1: e258430fd300655423b62b6ab07889821b16f010
SHA256: e538c9e5c2e65b5161c0bc9923d9a0ef3b423a215f68eab73f60f1f5f6b3acb7
SHA512: 95a1da93a0b151c72bb50434d8304f669db71aef0da83a3125c058fad76b3657769e1e45c717eb7241216758f050efbbe001692c96bdace2cd7079519f80be2d
SSDEEP: 6144:B3WRU8iVrct9II/0YU0bR50taAv9MusBBJJmrbjK9tBokOJqjnNWFb:NjjVrctx/0Yj5Maqe96bC0kOJqjNW
Static task: static1
Behavioral task: behavioral1
Sample: a2518fe8aac4f44ce61e20efb5f381bd.exe
Resource: win7-20231215-en
Malware Config
Extracted
Family: cybergate
Version: 2.6
Botnet: 1877
C2: fir3wall.zapto.org:84
C2: 127.0.0.1:84
Mutex: ***MUTEX***
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: rundll
install_file: rundll32.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
regkey_hkcu: rundll32
regkey_hklm: rundll
Targets
Target: a2518fe8aac4f44ce61e20efb5f381bd
Size: 342KB
MD5: a2518fe8aac4f44ce61e20efb5f381bd
SHA1: e258430fd300655423b62b6ab07889821b16f010
SHA256: e538c9e5c2e65b5161c0bc9923d9a0ef3b423a215f68eab73f60f1f5f6b3acb7
SHA512: 95a1da93a0b151c72bb50434d8304f669db71aef0da83a3125c058fad76b3657769e1e45c717eb7241216758f050efbbe001692c96bdace2cd7079519f80be2d
SSDEEP: 6144:B3WRU8iVrct9II/0YU0bR50taAv9MusBBJJmrbjK9tBokOJqjnNWFb:NjjVrctx/0Yj5Maqe96bC0kOJqjNW
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up the country code configured in the registry; likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
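The config above is directly actionable for hunting, but two of its values need care: the second C2 entry, 127.0.0.1:84, is a loopback address left in by the builder and should not become a network indicator, and the install file name rundll32.exe collides with the legitimate Windows binary at C:\Windows\System32\rundll32.exe, so any host check has to compare the full path (the implant lands in the rundll subdirectory), not the image name. The message box strings are CyberGate's default Portuguese placeholders ("message text" / "message title") and are not specific to this sample. The script below is an added example, not Triage's or CyberGate's code: it turns the extracted config and the signatures listed above (Run key, policy Run key, Active Setup Installed Components, System32 drop, SetThreadContext injection into explorer.exe) into concrete checks and runs them over a few constructed telemetry records. The System32 install location, the registry key paths, the event schema and the telemetry itself are assumptions made for the example.

```python
"""Hunt checks derived from the CyberGate config and signatures on this page.

Added example; not Triage's or CyberGate's code. Builds host/network
indicators from the extracted config and runs them over constructed
telemetry, showing which records fire and which deliberately do not.
"""
import ipaddress
from collections import defaultdict

# Values copied from the extracted config above.
CONFIG = {
    "c2": ["fir3wall.zapto.org:84", "127.0.0.1:84"],
    "mutex": "***MUTEX***",
    "injected_process": "explorer.exe",
    "install_dir": "rundll",
    "install_file": "rundll32.exe",
    "regkey_hkcu": "rundll32",
    "regkey_hklm": "rundll",
}

# Assumption: install_dir is created under System32, consistent with the
# "Drops file in System32 directory" signature. Adjust for your own sample.
SYSTEM32 = r"C:\Windows\System32"

# Registry locations matching the persistence signatures on the page (assumed paths).
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
POLICY_RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
ACTIVE_SETUP = r"HKLM\Software\Microsoft\Active Setup\Installed Components"
PERSIST_KEYS = tuple(k.lower() for k in (RUN_HKCU, RUN_HKLM, POLICY_RUN, ACTIVE_SETUP))
INJECTION_APIS = {"WriteProcessMemory", "SetThreadContext", "ResumeThread"}


def build_iocs(cfg):
    """Derive indicators from the config; drop the loopback C2 the builder left in."""
    network = []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue  # 127.0.0.1:84 is a builder default, not a real C2
        except ValueError:
            pass  # a hostname, not an IP literal
        network.append((host.lower(), int(port)))
    install_path = "\\".join([SYSTEM32, cfg["install_dir"], cfg["install_file"]])
    return {
        "network": network,
        "install_path": install_path.lower(),
        "run_values": {cfg["regkey_hkcu"].lower(), cfg["regkey_hklm"].lower()},
        "mutex": cfg["mutex"],
        "inject_target": cfg["injected_process"].lower(),
    }


def scan_events(events, iocs):
    """Return one finding string per matching record, in event order."""
    findings = []
    seen_apis = defaultdict(set)  # (source pid, target image) -> API names observed
    for ev in events:
        kind = ev["type"]
        if kind == "registry_set":
            key, name, data = ev["key"].lower(), ev["name"].lower(), ev["data"].lower()
            # Match either the config's value names or any value pointing at the implant.
            if key.startswith(PERSIST_KEYS) and (name in iocs["run_values"] or iocs["install_path"] in data):
                findings.append(f"persistence: {ev['key']}\\{ev['name']} -> {ev['data']}")
        elif kind == "file_create" and ev["path"].lower() == iocs["install_path"]:
            findings.append(f"implant dropped at {ev['path']}")
        elif kind == "process_start" and ev["image"].lower() == iocs["install_path"]:
            # Full-path compare: a name-only rule would flag every legitimate rundll32.exe.
            findings.append(f"implant executed from {ev['image']} (pid {ev['pid']})")
        elif kind == "network" and (ev["host"].lower(), ev["port"]) in iocs["network"]:
            findings.append(f"C2 contact {ev['host']}:{ev['port']} by pid {ev['pid']}")
        elif kind == "mutex" and ev["name"] == iocs["mutex"]:
            findings.append(f"CyberGate mutex {ev['name']!r} created by pid {ev['pid']}")
        elif kind == "api":
            seen_apis[(ev["pid"], ev["target_image"].lower())].add(ev["api"])
    # The SetThreadContext signature: write + context hijack + resume against another process.
    for (pid, target), apis in seen_apis.items():
        if INJECTION_APIS <= apis:
            tag = " (matches injected_process)" if target == iocs["inject_target"] else ""
            findings.append(f"pid {pid} hijacked a thread in {target}{tag}")
    return findings


IMPLANT = r"C:\Windows\System32\rundll\rundll32.exe"
SAMPLE_EVENTS = [  # constructed telemetry for the example, not from the sandbox run
    {"type": "file_create", "pid": 1412, "path": IMPLANT},
    {"type": "registry_set", "pid": 1412, "key": RUN_HKCU, "name": "rundll32", "data": IMPLANT},
    {"type": "registry_set", "pid": 1412, "key": POLICY_RUN, "name": "rundll", "data": IMPLANT},
    {"type": "registry_set", "pid": 1412, "key": ACTIVE_SETUP + r"\{constructed-guid}",
     "name": "StubPath", "data": IMPLANT},
    {"type": "mutex", "pid": 1412, "name": "***MUTEX***"},
    {"type": "api", "pid": 1412, "api": "WriteProcessMemory", "target_image": "explorer.exe"},
    {"type": "api", "pid": 1412, "api": "SetThreadContext", "target_image": "explorer.exe"},
    {"type": "api", "pid": 1412, "api": "ResumeThread", "target_image": "explorer.exe"},
    {"type": "network", "pid": 1412, "host": "fir3wall.zapto.org", "port": 84},
    {"type": "process_start", "pid": 2200, "image": r"C:\Windows\System32\rundll32.exe"},  # benign
    {"type": "network", "pid": 1412, "host": "127.0.0.1", "port": 84},  # loopback entry, ignored
    {"type": "process_start", "pid": 1500, "image": IMPLANT},
]

if __name__ == "__main__":
    for line in scan_events(SAMPLE_EVENTS, build_iocs(CONFIG)):
        print(line)
```

Running it prints eight findings: the drop, three persistence writes, the mutex, the real C2 contact, the execution from the rundll subdirectory, and the hollowing-style API triple against explorer.exe. The legitimate rundll32.exe launch and the 127.0.0.1:84 connection produce nothing, which is the point of the two caveats above.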