General
- Target: VirusShare_61c20b58258b1d414625a07c7f519ddf
- Size: 378KB
- Sample: 240204-qsw5rsahd8
- MD5: 61c20b58258b1d414625a07c7f519ddf
- SHA1: 52c6194de9d5f542484ca200db532091c8c9698a
- SHA256: eeb78b412ffb9013f5699f803658929949b9f73eb4dec226a1a6b643237fe7c1
- SHA512: 3d31f7bc53fd712facebdbac7fbc6905900c00eb777e8444c93739972fb2d58d5eb111d8bf321f263a7a9494638f570c59873e518b577a1aa0ac117a1bdf46bb
- SSDEEP: 6144:eH0PQIW7BYcZ8jUbG5p6LhEuMra5+7Cr19oX5UM9NOHsaml/aLO16QuPqLPFv5x8:eUP+FOHqVTGiMqsamRHMPA6
Static task
static1
Behavioral task
behavioral1
Sample
VirusShare_61c20b58258b1d414625a07c7f519ddf.exe
Resource
win7-20231215-en
Malware Config
Extracted
cybergate
v1.07.5
ipconcon
causajeje.no-ip.biz:2000
487124K6X2M73U
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: install
- install_file: Win32.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Remote Administration anywhere in the world.
- message_box_title: CyberGate
- password: 123456
- regkey_hkcu: Win32
- regkey_hklm: Win32
Targets
- Detects binaries and memory artifacts referencing sandbox product IDs
- Suspicious use of SetThreadContext