General
-
Target
cb46c0d6e0fd8c2c63ad1fef2363cd90
-
Size
404KB
-
Sample
240315-ngc7eahc34
-
MD5
cb46c0d6e0fd8c2c63ad1fef2363cd90
-
SHA1
443caea99bc26e37b7d526561beb431a22a6c73a
-
SHA256
00a34c4f5f42bddd5e71cbdb417ca650f100f0b342e6dcc8b9198006365dd916
-
SHA512
2a0ef69e92a389c95aac1cb990ed58dc7ffffcbcc73a5c55b9a0d718ed87a5dda9ce53d5ed25a9e0b472bf132d77a675f5b6b61c93bbd2606f2876160b577927
-
SSDEEP
6144:cV1OAurpFyHemqzYBQCZztwoGpbaOJNMDdpyPlmbcbIx/dLHBKP:8slpFyHfLBfZBe0pyN3bIxZ0P
Static task
static1
Behavioral task
behavioral1
Sample
cb46c0d6e0fd8c2c63ad1fef2363cd90.exe
Resource
win7-20240220-en
Malware Config
Extracted
cybergate
2.6
XXXXX
199.no-ip.info:12345
Fuckedintheasss
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
Explorer.exe
-
install_dir
Microsoft_KLB8187
-
install_file
Windefender.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
tÃtulo da mensagem
-
password
assfucked
-
regkey_hkcu
ePower Management
-
regkey_hklm
Adobe Reader Tray
Targets
-
-
Target
cb46c0d6e0fd8c2c63ad1fef2363cd90
-
Size
404KB
-
MD5
cb46c0d6e0fd8c2c63ad1fef2363cd90
-
SHA1
443caea99bc26e37b7d526561beb431a22a6c73a
-
SHA256
00a34c4f5f42bddd5e71cbdb417ca650f100f0b342e6dcc8b9198006365dd916
-
SHA512
2a0ef69e92a389c95aac1cb990ed58dc7ffffcbcc73a5c55b9a0d718ed87a5dda9ce53d5ed25a9e0b472bf132d77a675f5b6b61c93bbd2606f2876160b577927
-
SSDEEP
6144:cV1OAurpFyHemqzYBQCZztwoGpbaOJNMDdpyPlmbcbIx/dLHBKP:8slpFyHfLBfZBe0pyN3bIxZ0P
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-