General
-
Target
cb06452b8fc788c9bb3d858d0ebdac6e
-
Size
376KB
-
Sample
240315-k4lkhseg23
-
MD5
cb06452b8fc788c9bb3d858d0ebdac6e
-
SHA1
e61840e90d2966d1623c231153f273ba7f86bbe0
-
SHA256
212730a8715b18b317d591c7f749354f1821264b50008bddd821b37cb1bf53ea
-
SHA512
80de12a4322ae52b1d855f5fe00f3f108ba8349fb7e81c8b58fb51781f713165b0ed2c87a9b9619d784025b23ad53877d717a16ee77f156e3278429109360763
-
SSDEEP
6144:SnJmTKIpnEcCRq7a1AHIhlhEu0+TuW+jdvj64munmqxS9rd:MJqVGRn1AobhFIhuC5Std
Static task
static1
Behavioral task
behavioral1
Sample
cb06452b8fc788c9bb3d858d0ebdac6e.exe
Resource
win7-20240221-en
Malware Config
Extracted
cybergate
v1.07.5
remote
xxdnsxx.serveirc.com:81
xxdnsxx.serveftp.net:82
E624320F8D377D
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
Passw0rd1
Targets
-
-
Target
cb06452b8fc788c9bb3d858d0ebdac6e
-
Size
376KB
-
MD5
cb06452b8fc788c9bb3d858d0ebdac6e
-
SHA1
e61840e90d2966d1623c231153f273ba7f86bbe0
-
SHA256
212730a8715b18b317d591c7f749354f1821264b50008bddd821b37cb1bf53ea
-
SHA512
80de12a4322ae52b1d855f5fe00f3f108ba8349fb7e81c8b58fb51781f713165b0ed2c87a9b9619d784025b23ad53877d717a16ee77f156e3278429109360763
-
SSDEEP
6144:SnJmTKIpnEcCRq7a1AHIhlhEu0+TuW+jdvj64munmqxS9rd:MJqVGRn1AobhFIhuC5Std
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-