General
Target: c4642ce972dab858e7c582755d9dee09
Size: 358KB
Sample: 240312-3kfh9sec6y
MD5: c4642ce972dab858e7c582755d9dee09
SHA1: 289a894cde67021cca675389e637ffbd5740fc56
SHA256: b81813bc5329c33bfa9681bd4ed0e7be7a8abfa9416d28845e554e6968970436
SHA512: 280236ab9792d11aae09dc78b6881ad3791dd8ad6932c72ed7c6e0f7bd38db9d164427fdba2d8a91609f83d4ff5a336fe584e30febf0e287782c358c52c29c48
SSDEEP: 6144:mIhMHEdHM9+XLC652yftLmeIdJZKT9Bbg9YpQEjE9tLjn8n1zfvqgC94x4VT1f0:mIakds94LWmqeiJZ+5NpQEknw1jTx430
Static task: static1
Behavioral task: behavioral1
Sample: c4642ce972dab858e7c582755d9dee09.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: c4642ce972dab858e7c582755d9dee09.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
cybergate
v1.07.5
remote
127.0.0.1:999
71.128.69.86:1337
LR8FR1EW4UT2IK
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: false
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: 1234
Targets
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL