General
Target: 608032f17af616fd65d2a07f0eadfd67
Size: 889KB
Sample: 240116-wfmcpagge7
MD5: 608032f17af616fd65d2a07f0eadfd67
SHA1: 22a236074b7656ffaf882345d89f0c7f7c15cc1f
SHA256: 2acf81b2d92e3f5d477fb2b69eaae7d84ba173d41bf9b3ae5f3231b5f748548e
SHA512: 2ff1dc4fc93d7dedd4946f942318319b0a1ac051425a5cb042460ec4f97b0ace6b12a0d9aef243bb408f0482348f10f73c5d4294e89c89f2281b2bacffeff0e9
SSDEEP: 24576:JB2tHKSVY1sx4Chx5vL6AhlHwieQXwIHx7dkMGuZG0dSImr:by3eO5v+oZ/RBFDpA9r

Static task: static1
Behavioral task: behavioral1
Sample: 608032f17af616fd65d2a07f0eadfd67.exe
Resource: win7-20231215-en

Malware Config
Extracted
Family: cybergate
Version: v1.02.0
Botnet: Nouvelle
C2: zehdi.sytes.net:666
Mutex: 75AVG145EP145M

Attributes
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: Logitech
install_file: Kb_103.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: FlashGate
password: ert321
regkey_hkcu: Windows Defender
regkey_hklm: Windows Defender
Targets
Target: 608032f17af616fd65d2a07f0eadfd67
Size: 889KB
Signatures
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext