General
-
Target
cb1349b01069f8a2b05cd70be4ad1ed1
-
Size
272KB
-
Sample
240315-llawqsda9t
-
MD5
cb1349b01069f8a2b05cd70be4ad1ed1
-
SHA1
8ebe057f4624d6ccab495bcb622b7ad224669e3d
-
SHA256
bd772e1f284f4766c9d15a63fc8558928f2280752a300422db83543d7b3d9850
-
SHA512
f97af2995c7bb210717149e0fe3cc72028a4518fb25410f2b45c55525f0b249ac240ae6c62d62c3c6d5ff523990b72aff6f1e7cfea6c0eca0d4e3fa792cec09c
-
SSDEEP
6144:vk4qmFLiss/qp0gv7TX172YJJCStmvVja+1SetCOO:c9JHUD9az4mvKOCx
Behavioral task
behavioral1
Sample
cb1349b01069f8a2b05cd70be4ad1ed1.exe
Resource
win7-20240221-en
Malware Config
Extracted
cybergate
2.6
vítima
127.0.0.1:81 (loopback address; it identifies no remote C2 host, so it is not useful as a network indicator)
***server***
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
no file
-
message_box_title
test
-
password
abcd1234
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
cb1349b01069f8a2b05cd70be4ad1ed1
-
Size
272KB
-
MD5
cb1349b01069f8a2b05cd70be4ad1ed1
-
SHA1
8ebe057f4624d6ccab495bcb622b7ad224669e3d
-
SHA256
bd772e1f284f4766c9d15a63fc8558928f2280752a300422db83543d7b3d9850
-
SHA512
f97af2995c7bb210717149e0fe3cc72028a4518fb25410f2b45c55525f0b249ac240ae6c62d62c3c6d5ff523990b72aff6f1e7cfea6c0eca0d4e3fa792cec09c
-
SSDEEP
6144:vk4qmFLiss/qp0gv7TX172YJJCStmvVja+1SetCOO:c9JHUD9az4mvKOCx
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-