General
- Target: 529eeb1b929ff91eb605f5fb92be9057
- Size: 306KB
- Sample: 240111-fv8w8sfber
- MD5: 529eeb1b929ff91eb605f5fb92be9057
- SHA1: 308dda5562700b11ffa0d8ff330d45729b84c4b1
- SHA256: fc88467c7141084da28eca1d619802d58114d84e16c399e2d63f38f5e2fb594b
- SHA512: 1bb0c19d8792c1bdc64970a40f367ec464415cf4b0975ed4ab58868a7f9d5883172233822b4939cb4245e3295807679b596a6b7e82f3956908acd17b8a03a282
- SSDEEP: 6144:xW5nVTPBAxL0oiUKinILgvc2pU74hCyxGZqNJGqJoPF/XbgXRvmS:xW5o+oTKv2pQ4Fx/NJXQ/bivmS
Static task: static1
Behavioral task: behavioral1
- Sample: 529eeb1b929ff91eb605f5fb92be9057.exe
- Resource: win7-20231215-en
Malware Config
Extracted
- Family: cybergate
- Version: v1.07.5
- victima
- C2: servinpetraca.zapto.org:2000
- G5UK3GU6SR48V8
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: svchost.exe
- install_dir: Intel
- install_file: Intel.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: System Check Incomplete
- message_box_title: Error
- password: 1992
- regkey_hkcu: HKCU
- regkey_hklm: HKLM
Targets
- Target: 529eeb1b929ff91eb605f5fb92be9057
- Size: 306KB
- MD5: 529eeb1b929ff91eb605f5fb92be9057
- SHA1: 308dda5562700b11ffa0d8ff330d45729b84c4b1
- SHA256: fc88467c7141084da28eca1d619802d58114d84e16c399e2d63f38f5e2fb594b
- SHA512: 1bb0c19d8792c1bdc64970a40f367ec464415cf4b0975ed4ab58868a7f9d5883172233822b4939cb4245e3295807679b596a6b7e82f3956908acd17b8a03a282
- SSDEEP: 6144:xW5nVTPBAxL0oiUKinILgvc2pU74hCyxGZqNJGqJoPF/XbgXRvmS:xW5o+oTKv2pQ4Fx/NJXQ/bivmS
Signatures
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext