General
-
Target
bc500b8a6c897f33f9623961ce58e0fe
-
Size
649KB
-
Sample
240309-vcdqpsdc3s
-
MD5
bc500b8a6c897f33f9623961ce58e0fe
-
SHA1
5dad5a3374d3998eeb8a60de7390612da41b6f41
-
SHA256
3d1bc5b5462fe94a97a76643bf7477b86475beaf5ae819963ede6226fbe647b3
-
SHA512
d94af33f34b1d775868a655504bb5853af6c29f8246b8aa315288f42c702f250c47b90f10bbb17a3e36dd5855d126f939ad6caa8388960a090fbf7c00ee7dbf6
-
SSDEEP
12288:ncD66AQ4dLOSwCDfJqlE6uGiGSAlVLuBRzXA2oAMHVB66EYAUTS9D/ksSzQR:n5LtwCc26uGi2VCHXSBzTaDMsAQR
Behavioral task
behavioral1
Sample
bc500b8a6c897f33f9623961ce58e0fe.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bc500b8a6c897f33f9623961ce58e0fe.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
cybergate
2.7 Final
vítima
127.0.0.1:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
ftp_password
ª÷Öº+Þ
-
ftp_port
21
-
ftp_server
ftp.server.com
-
ftp_username
ftp_user
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
true
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Targets
-
-
Target
bc500b8a6c897f33f9623961ce58e0fe
-
Size
649KB
-
MD5
bc500b8a6c897f33f9623961ce58e0fe
-
SHA1
5dad5a3374d3998eeb8a60de7390612da41b6f41
-
SHA256
3d1bc5b5462fe94a97a76643bf7477b86475beaf5ae819963ede6226fbe647b3
-
SHA512
d94af33f34b1d775868a655504bb5853af6c29f8246b8aa315288f42c702f250c47b90f10bbb17a3e36dd5855d126f939ad6caa8388960a090fbf7c00ee7dbf6
-
SSDEEP
12288:ncD66AQ4dLOSwCDfJqlE6uGiGSAlVLuBRzXA2oAMHVB66EYAUTS9D/ksSzQR:n5LtwCc26uGi2VCHXSBzTaDMsAQR
Score
10/10
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-