General
-
Target
b535162ec928ada8042d89b3273a2ef0
-
Size
746KB
-
Sample
240305-vkr83abg5x
-
MD5
b535162ec928ada8042d89b3273a2ef0
-
SHA1
9f4f3405c59c34ed8274eb0714ead54dc77ae026
-
SHA256
e48bddd1036da3b51684f64ddebe7f9299e08da75a9a0a344e2c3737044f9ed8
-
SHA512
d69762f91a05ea4d75f52c6d333752978ed372034621dffa53f97e37142c3b6d5df759d055119540e55282bb3d0c832d260a89cae15cdafe03334fe6a73fcae7
-
SSDEEP
12288:s67swF8SAcaTE51EbkEnyQC60IaMF4TG8iYJfUiux04gpWhiqTuePyudY++rn7jb:scZMnyEb4qpYJfrKge+k+r6Lcx
Static task
static1
Behavioral task
behavioral1
Sample
b535162ec928ada8042d89b3273a2ef0.exe
Resource
win7-20240221-en
Malware Config
Extracted
cybergate
v1.07.5
cyber
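127.0.0.1:82
127.0.0.1:41111
Note: both configured endpoints are loopback addresses, so they have no value as network indicators for blocking or hunting; rely on the file hashes and the remaining extracted config values instead.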
34Q462P81KSOQ4
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
Targets
-
-
Target
b535162ec928ada8042d89b3273a2ef0
-
Size
746KB
-
MD5
b535162ec928ada8042d89b3273a2ef0
-
SHA1
9f4f3405c59c34ed8274eb0714ead54dc77ae026
-
SHA256
e48bddd1036da3b51684f64ddebe7f9299e08da75a9a0a344e2c3737044f9ed8
-
SHA512
d69762f91a05ea4d75f52c6d333752978ed372034621dffa53f97e37142c3b6d5df759d055119540e55282bb3d0c832d260a89cae15cdafe03334fe6a73fcae7
-
SSDEEP
12288:s67swF8SAcaTE51EbkEnyQC60IaMF4TG8iYJfUiux04gpWhiqTuePyudY++rn7jb:scZMnyEb4qpYJfrKge+k+r6Lcx
-
Uses the VBS compiler for execution
-
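Suspicious use of SetThreadContext
Note: SetThreadContext is commonly associated with process injection; the extracted config above names explorer.exe as injected_process, so endpoint telemetry for that process is the relevant place to look.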
-