General
- Target: 83e33f1b50821b558b878604d92a511f
- Size: 723KB
- Sample: 240131-jzbn3sfhd7
- MD5: 83e33f1b50821b558b878604d92a511f
- SHA1: 6be0db13a05d692c0d3e9f6162ee8d0caddba5da
- SHA256: 35a272970099110a4edfb66f9bc4c1e45558f1119be94594cd15e74a7bef1b1b
- SHA512: bd243b8b6cd95038911c06380e9b7343c74c938c08ac25089bcfad60beff918a07961d8ac26d1cbfc2749fd4b5bc2c607821100e9e0b42b86a353f9ca437b174
- SSDEEP: 12288:JPNJ98HVVIzHJZJREe1sgDCg4hzmm7pyfm1rZ2zkPaCxh:daCtrsYOmYyetZOklX
Static task: static1
Behavioral task: behavioral1
- Sample: 83e33f1b50821b558b878604d92a511f.exe
- Resource: win7-20231215-en
Malware Config
Extracted
- cybergate
- 2.6
- vítima
- 192.168.1.2:81
- silentdownloads.no-ip.org:81
- ***MUTEX***
- enable_keylogger: true
- enable_message_box: true
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: install
- install_file: server.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Teste
- message_box_title: Teste
- password: abcd1234
Targets
- Target: 83e33f1b50821b558b878604d92a511f
- Size: 723KB
- MD5: 83e33f1b50821b558b878604d92a511f
- SHA1: 6be0db13a05d692c0d3e9f6162ee8d0caddba5da
- SHA256: 35a272970099110a4edfb66f9bc4c1e45558f1119be94594cd15e74a7bef1b1b
- SHA512: bd243b8b6cd95038911c06380e9b7343c74c938c08ac25089bcfad60beff918a07961d8ac26d1cbfc2749fd4b5bc2c607821100e9e0b42b86a353f9ca437b174
- SSDEEP: 12288:JPNJ98HVVIzHJZJREe1sgDCg4hzmm7pyfm1rZ2zkPaCxh:daCtrsYOmYyetZOklX

Signatures
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL