General
- Target: c92f6b42a6f4e14dd213d18200bb85be
- Size: 354KB
- Sample: 240314-vydylacb39
- MD5: c92f6b42a6f4e14dd213d18200bb85be
- SHA1: b2f40c028e695eba16ea5c8f5e70d0eae0f74d4e
- SHA256: 6bc723b45666ef84b6c48ed485a449f846a07443ebd9c2143f0d203a30b43363
- SHA512: 60e86b9e512cc402e1b6649717597c1f3033a6cd26246f0607aa4316ceb1647b020be8ac53f9675e2757ca96417d65b3fe5eff00dd9628279707f4f821b72aed
- SSDEEP: 6144:+QoPVuxcoSoMxCqs3CE4oBxC/YCJ/O1hYKILiYks1/mM1:+QskcoSpCqzFo6d/O12Jr51/mM1
Static task: static1
Behavioral task: behavioral1
- Sample: c92f6b42a6f4e14dd213d18200bb85be.exe
- Resource: win7-20240221-en
Malware Config
Extracted: cybergate v1.07.5
- remote:
  127.0.0.1:999
  thermyte.dyndns.org:90
- 2EMXV1YF0KFPC6
- enable_keylogger: false
- enable_message_box: true
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: install
- install_file: server.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: winrar
- message_box_title: Password:
- password: cybergate
Targets
- Target: c92f6b42a6f4e14dd213d18200bb85be
- Size: 354KB
- MD5: c92f6b42a6f4e14dd213d18200bb85be
- SHA1: b2f40c028e695eba16ea5c8f5e70d0eae0f74d4e
- SHA256: 6bc723b45666ef84b6c48ed485a449f846a07443ebd9c2143f0d203a30b43363
- SHA512: 60e86b9e512cc402e1b6649717597c1f3033a6cd26246f0607aa4316ceb1647b020be8ac53f9675e2757ca96417d65b3fe5eff00dd9628279707f4f821b72aed
- SSDEEP: 6144:+QoPVuxcoSoMxCqs3CE4oBxC/YCJ/O1hYKILiYks1/mM1:+QskcoSpCqzFo6d/O12Jr51/mM1
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext