General
Target: cce4eabc36dc02963c964cf02b19f8d1
Size: 431KB
Sample: 240316-c3yvfsbg39
MD5: cce4eabc36dc02963c964cf02b19f8d1
SHA1: 292dbda9fbd0181e5c9a34669c6db0ccad601812
SHA256: e249d51228e1d27ae9fb4ada896dc2b185d8d9dece31a1b4a445e07993907e2d
SHA512: bf6be63bb2a6ffc606a5c9419f38507d2ded56861dd8f9300ceff42b0d9da64b764364a1221686223737a908d770245fde5e268b7a3dc24d083d237c30c99044
SSDEEP: 6144:oweKa0YWNbOvg8dvoTw2IgYXbxx5Y3gzYeUOTqyle7YgHd1W/WA0cfUTv5GUn0Rr:ow9x+Q+RXbQkKOTqy47YC6WArea4F
Static task: static1
Behavioral task: behavioral1
  Sample: cce4eabc36dc02963c964cf02b19f8d1.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cce4eabc36dc02963c964cf02b19f8d1.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: cybergate
Version: 2.6
Botnet: برنامج تحويل
C2: mohmed113.no-ip.biz:288
Mutex: ***MUTEX***
Attributes:
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: svchost.exe
install_file: system 32.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
Target: cce4eabc36dc02963c964cf02b19f8d1
Size: 431KB
Score: 10/10
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext