General
- Target: 9456bdad35132c370721b1ec07edffec
- Size: 323KB
- Sample: 240206-k6qbgseeaq
- MD5: 9456bdad35132c370721b1ec07edffec
- SHA1: d6ecf0d4297e4d61ac88ba86d0688b2a558432cb
- SHA256: a19daeb4f982cfbbc7a63d279b3b677a1c9ee593a9987a521f3e44f573bad686
- SHA512: e068134a553174eef7848593034d866845d7004f033bc4b501e63494a50fba22304981f31d9869b8282d6f3ce9a02f1117a120751755fdb01c54482fab4f8593
- SSDEEP: 6144:ndw2Csb8mqJbM81vZqcM3Y6hR8nJ+ROk/ID5d5V+7voxEIARfueJdUq/bWPtUXNw:dw2CsbwbnJMo6hRIJ+ck65dHkoSjc+/S
Static task
- static1
Behavioral task
- behavioral1
- Sample: 9456bdad35132c370721b1ec07edffec.exe
- Resource (analysis VM image): win7-20231129-en
Malware Config
Extracted
- Family: cybergate
- Version: 2.7 Beta 02
- Botnet: vítima (Portuguese for "victim")
- C2: 127.0.0.1:81
- Mutex: ***MUTEX***
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: install
- install_file: server.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: texto da mensagem (Portuguese for "message text")
- message_box_title: título da mensagem (Portuguese for "message title")
- password: abcd1234

Note: the C2 endpoint is the loopback address, so this build as configured can only reach a controller running on the same host; the mutex and message-box values are generic placeholder strings rather than campaign-specific ones.
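The config above is only useful once it is turned into host and network indicators and a few analyst findings (loopback C2, keylogger on, install file name, injection target). The following is an added example of that triage step, written for this page; it is not Tria.ge's or CyberGate's code, and the severity rules are this editor's own heuristics. The `EXTRACTED_CONFIG` dict is constructed from the values listed in the report.

```python
"""Triage of the extracted CyberGate config above (added example, not Tria.ge code).

Assumptions: the config is available as the key/value pairs shown in the report;
the findings rules are this editor's own heuristics, not the sandbox's.
"""
import ipaddress

# Constructed from the Malware Config section of the report.
EXTRACTED_CONFIG = {
    "family": "cybergate",
    "version": "2.7 Beta 02",
    "botnet": "vítima",
    "c2": "127.0.0.1:81",
    "mutex": "***MUTEX***",
    "enable_keylogger": "true",
    "enable_message_box": "false",
    "ftp_directory": "./logs/",
    "ftp_interval": "30",
    "injected_process": "explorer.exe",
    "install_dir": "install",
    "install_file": "server.exe",
    "install_flag": "true",
    "keylogger_enable_ftp": "false",
    "message_box_caption": "texto da mensagem",
    "message_box_title": "título da mensagem",
    "password": "abcd1234",
}


def parse_c2(endpoint):
    """Split a 'host:port' C2 string into (host, port). Raises ValueError if malformed."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("malformed C2 endpoint: %r" % endpoint)
    return host, int(port)


def classify_host(host):
    """Return 'loopback', 'private', 'public' or 'hostname' for a C2 host."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # a DNS name: resolve it in the sandbox, not here
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"


def as_bool(value):
    """Config booleans arrive as the strings 'true' / 'false'."""
    return str(value).strip().lower() == "true"


def triage(cfg):
    """Turn the raw config into indicators plus a list of analyst findings."""
    host, port = parse_c2(cfg["c2"])
    kind = classify_host(host)
    findings = []
    if kind == "loopback":
        findings.append("C2 is the loopback address: as configured this build cannot beacon off the host")
    elif kind == "private":
        findings.append("C2 is a private (RFC 1918) address: operator on the same LAN or a lab build")
    if as_bool(cfg.get("enable_keylogger")):
        findings.append("keylogger enabled")
        if as_bool(cfg.get("keylogger_enable_ftp")):
            findings.append("keystroke logs uploaded by FTP to %s (interval %s)"
                            % (cfg["ftp_directory"], cfg["ftp_interval"]))
        else:
            findings.append("keystroke logs kept locally (FTP upload disabled)")
    # Heuristic: a mutex that is just the word MUTEX wrapped in asterisks is an
    # unchanged placeholder, not an operator-chosen value.
    if cfg.get("mutex", "").strip("*").upper() == "MUTEX":
        findings.append("mutex is an unchanged placeholder value")
    installs = as_bool(cfg.get("install_flag"))
    indicators = {
        "mutex": cfg["mutex"],
        "dropped_file": cfg["install_file"] if installs else None,
        "install_dir": cfg["install_dir"] if installs else None,
        "injection_target": cfg["injected_process"],
        "network": {"host": host, "port": port, "kind": kind},
    }
    return {"family": cfg["family"], "version": cfg["version"],
            "findings": findings, "indicators": indicators}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(EXTRACTED_CONFIG), indent=2, ensure_ascii=False))
```

The host classification is the part worth keeping: a loopback or RFC 1918 C2 usually means a builder test run or a lab sample, and it should lower the priority of network-indicator sharing while leaving the host indicators (mutex, dropped file name, injection target) fully usable.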
Targets
- Target: 9456bdad35132c370721b1ec07edffec
- Size: 323KB
- MD5: 9456bdad35132c370721b1ec07edffec
- SHA1: d6ecf0d4297e4d61ac88ba86d0688b2a558432cb
- SHA256: a19daeb4f982cfbbc7a63d279b3b677a1c9ee593a9987a521f3e44f573bad686
- SHA512: e068134a553174eef7848593034d866845d7004f033bc4b501e63494a50fba22304981f31d9869b8282d6f3ce9a02f1117a120751755fdb01c54482fab4f8593
- SSDEEP: 6144:ndw2Csb8mqJbM81vZqcM3Y6hR8nJ+ROk/ID5d5V+7voxEIARfueJdUq/bWPtUXNw:dw2CsbwbnJMo6hRIJ+ck65dHkoSjc+/S
Signatures
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings (looks up the country code configured in the registry, likely for geofencing)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (consistent with the configured injection into explorer.exe)
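The signature names above are the sandbox's summary of registry and process-manipulation behaviour. As an added example, not part of the report and not Tria.ge's detection code, the block below replays those signatures against a constructed API trace: the registry paths (Policies\Explorer\Run, Active Setup\Installed Components, Control Panel\International\Geo) are this editor's mapping of the signature names to the keys they are commonly associated with, and the SetThreadContext rule is generalised to the full process-hollowing sequence (suspended CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread) rather than a single API call. Pids, paths and the CLSID in the trace are made up.

```python
"""Replays the report's behavioural signatures over a constructed API trace
(added example; the registry paths are this editor's mapping of the signature
names, not something the report states).
"""
import re
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit


@dataclass
class ApiEvent:
    pid: int                 # calling process
    api: str                 # API name as a sandbox trace records it
    args: dict = field(default_factory=dict)


# Constructed trace: the dropped server.exe (pid 1000) persists, checks the
# locale, then hollows a suspended explorer.exe (pid 2000). Pids, paths and the
# CLSID are invented for this example.
TRACE = [
    ApiEvent(1000, "RegQueryValueExA",
             {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    ApiEvent(1000, "RegSetValueExA",
             {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
              "value": "Policies", "data": r"C:\Users\user\install\server.exe"}),
    ApiEvent(1000, "RegSetValueExA",
             {"key": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}",
              "value": "StubPath", "data": r"C:\Users\user\install\server.exe"}),
    ApiEvent(1000, "CreateProcessA",
             {"image": "explorer.exe", "flags": CREATE_SUSPENDED, "new_pid": 2000}),
    ApiEvent(1000, "WriteProcessMemory", {"target_pid": 2000}),
    ApiEvent(1000, "WriteProcessMemory", {"target_pid": 2000}),
    ApiEvent(1000, "SetThreadContext", {"target_pid": 2000}),
    ApiEvent(1000, "ResumeThread", {"target_pid": 2000}),
]

SET_APIS = {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA", "RegCreateKeyExW"}
QUERY_APIS = {"RegQueryValueExA", "RegQueryValueExW"}

# (signature name, APIs that count, key-path pattern)
REGISTRY_RULES = [
    ("Adds policy Run key to start application", SET_APIS,
     re.compile(r"\\Policies\\Explorer\\Run$", re.I)),
    ("Modifies Installed Components in the registry", SET_APIS,
     re.compile(r"\\Active Setup\\Installed Components\\", re.I)),
    ("Checks computer location settings", QUERY_APIS,
     re.compile(r"\\Control Panel\\International\\Geo$", re.I)),
]


def match_registry(events):
    """Signature names whose API set and key pattern both match some event."""
    hits = []
    for ev in events:
        key = ev.args.get("key", "")
        for name, apis, pattern in REGISTRY_RULES:
            if ev.api in apis and pattern.search(key) and name not in hits:
                hits.append(name)
    return hits


def detect_hollowing(events):
    """Find children created CREATE_SUSPENDED that the same parent then writes
    to, re-points with SetThreadContext and resumes, in that order."""
    suspended = {}  # child pid -> {"by": parent pid, "image": ..., "stage": n}
    expected = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")
    found = []
    for ev in events:
        if ev.api in ("CreateProcessA", "CreateProcessW") and \
                ev.args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[ev.args["new_pid"]] = {
                "by": ev.pid, "image": ev.args.get("image"), "stage": 0}
            continue
        state = suspended.get(ev.args.get("target_pid"))
        if state is None or state["by"] != ev.pid or state["stage"] >= 3:
            continue
        if ev.api == expected[state["stage"]]:  # repeats/other APIs do not advance
            state["stage"] += 1
            if state["stage"] == 3:
                found.append({"injector": ev.pid, "target": ev.args["target_pid"],
                              "image": state["image"]})
    return found


def evaluate(events):
    """All signature names that fire on the trace."""
    names = match_registry(events)
    if detect_hollowing(events):
        names.append("Suspicious use of SetThreadContext")
    return names


if __name__ == "__main__":
    for name in evaluate(TRACE):
        print(name)
```

Matching the whole hollowing sequence, rather than any SetThreadContext call, is what keeps the rule quiet on debuggers and legitimate thread-context users: the check fires only when the same parent created the target suspended, wrote into it, replaced its thread context and then let it run.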