General
- Target: 7500ce0c4a42420ae8e50c241974c891
- Size: 1.3MB
- Sample: 240125-t9pnssahg6
- MD5: 7500ce0c4a42420ae8e50c241974c891
- SHA1: be311f95a2af46db1366aca7c646c11d89454c18
- SHA256: 7f6fa7cb7c1b8bbc8ddc2f73960480f528250fac8842912520edf85b64924605
- SHA512: 007be785b20216cdae025af249b5a189735dfad746de44799432ab4233d338cc4ac131c0d3b9bcca7256b38bba21082ba571affe540cbf95a5e4526c5e6c5313
- SSDEEP: 24576:SREZ+/P4hfk7jxzh0r6tr+L4U+sufkCTEy7OMyuXl38r8U:SREnOYKrU4ZtfzTEyfw
Static task: static1
Behavioral task: behavioral1
Sample: 7500ce0c4a42420ae8e50c241974c891.exe
Resource: win7-20231215-en
Malware Config
Extracted
cybergate
v1.01.8
King
kingz.zapto.org:4578
CyberGate1
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: Winbooter
- install_file: svchost.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Owned?
- message_box_title: CyberGate
- password: 420
- regkey_hkcu: HKCU
- regkey_hklm: HKLM
Targets
- Target: 7500ce0c4a42420ae8e50c241974c891
- Size: 1.3MB
- MD5: 7500ce0c4a42420ae8e50c241974c891
- SHA1: be311f95a2af46db1366aca7c646c11d89454c18
- SHA256: 7f6fa7cb7c1b8bbc8ddc2f73960480f528250fac8842912520edf85b64924605
- SHA512: 007be785b20216cdae025af249b5a189735dfad746de44799432ab4233d338cc4ac131c0d3b9bcca7256b38bba21082ba571affe540cbf95a5e4526c5e6c5313
- SSDEEP: 24576:SREZ+/P4hfk7jxzh0r6tr+L4U+sufkCTEy7OMyuXl38r8U:SREnOYKrU4ZtfzTEyfw
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext