General
-
Target
c8eb07b0b9c58c2737061de0846e139c
-
Size
403KB
-
Sample
240314-sfpk9shc32
-
MD5
c8eb07b0b9c58c2737061de0846e139c
-
SHA1
20ae35ec4ca59722f768dfd1ca77e92d3dd8262b
-
SHA256
cdb1f4cac604a595b7136ebaf6b06fea7e7a9349c12ccf5171feab2e4fd835fe
-
SHA512
2def27599ad6aadedcf2a71f94993842b0b1ad0b1eaa53dfed34d8394113380c679d966cb7fd11b356800f6d31163103f444f88cb048d8fc6054b43dc54ea2a0
-
SSDEEP
6144:QhQ32OkW6IxuWTJF7nA4mV6TDyjp59jj4nDTEAXlJZGYPXBhrrhl77lYxuBR0/:0C3tu+FjxPy1Hjj4DTEWl7TvLXnl7M/
Static task
static1
Behavioral task
behavioral1
Sample
c8eb07b0b9c58c2737061de0846e139c.exe
Resource
win7-20240221-en
Malware Config
Extracted
cybergate
2.6
vítima
127.0.0.1:81
***MUTEX***
-
enable_keylogger
false
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Targets
-
-
Target
c8eb07b0b9c58c2737061de0846e139c
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-