General
- Target: VirusShare_13ebcba1126d67413a152e36ce133627
- Size: 476KB
- Sample: 240207-gy9hlsfagp
- MD5: 13ebcba1126d67413a152e36ce133627
- SHA1: cf73f85a3fe8e7b92054bb5b8190284338a1bc87
- SHA256: 0ef05c302a3b2c753e6ab4fc70ebaf6e41df265ce91ca78e46f89a9a4917ce34
- SHA512: 51345773b0eb57737860a4f286372c216716b859970952957d1e7f2c9a466e246976e3c3236ffd0df7e109cd4add4b4e11371f514136151e55e6a52d6b7fe029
- SSDEEP: 12288:Tp7yjRXIKTodchHz+8peVUuEQxFOX/mg4FDmW+L0:INVi8prHvsCL0
Static task: static1
Behavioral task: behavioral1
- Sample: VirusShare_13ebcba1126d67413a152e36ce133627.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: VirusShare_13ebcba1126d67413a152e36ce133627.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: cybergate
2.6
ExploiteD
a.statscounter.com.ua:6748
b.statscounter.com.ua:2468
SecurityPatch10
- enable_keylogger: false
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: tempdir
- install_file: rundll32.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: texto da mensagem
- message_box_title: título da mensagem
- password: oper
- regkey_hkcu: MicrosoftDriverUpdateModule
Targets
- Target: VirusShare_13ebcba1126d67413a152e36ce133627
- Size: 476KB
- MD5: 13ebcba1126d67413a152e36ce133627
- SHA1: cf73f85a3fe8e7b92054bb5b8190284338a1bc87
- SHA256: 0ef05c302a3b2c753e6ab4fc70ebaf6e41df265ce91ca78e46f89a9a4917ce34
- SHA512: 51345773b0eb57737860a4f286372c216716b859970952957d1e7f2c9a466e246976e3c3236ffd0df7e109cd4add4b4e11371f514136151e55e6a52d6b7fe029
- SSDEEP: 12288:Tp7yjRXIKTodchHz+8peVUuEQxFOX/mg4FDmW+L0:INVi8prHvsCL0
- Detects binaries and memory artifacts referencing sandbox product IDs
- UPX dump on OEP (original entry point)
- Adds policy Run key to start application
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext