General
Target: cfcee69cb1926bbbe9b6b9bff5529f59
Size: 413KB
Sample: 240317-dz82padd37
MD5: cfcee69cb1926bbbe9b6b9bff5529f59
SHA1: 242e53f8611a91e868baae5652231ce2d26b044a
SHA256: 7a053ac887f88da4c3c4f07da216cd1b146d7ab9d6e8c008140c2e8f3fe49372
SHA512: de745f77e071d8eda60560306e691ccea960f77d4a2691e2113ec36ae2ca5c697fd4f75c6dc2b90c2ffb9262aa348b13b03b7a068f7a6d29c837e0051bc1c1bb
SSDEEP: 6144:LbQRMt41KYyd/6ubI6CTUP/OmZFemZeqA6FFecv0AjGV9KH6imusfjZMa:Lb61h86QhWMO1mMERvTG72Btxa

Static task: static1
Behavioral task: behavioral1
Sample: cfcee69cb1926bbbe9b6b9bff5529f59.exe
Resource: win7-20240221-en
Malware Config
Extracted family: cybergate
Version: v1.07.5
TUBCITY (unlabelled in the extractor output; CyberGate's botnet/campaign name field)
C2: missmollymars.dyndns.org:82
C2: togastand.zapto.org:82
5JM1U63858544G (unlabelled in the extractor output; CyberGate's mutex field)
enable_keylogger: true
enable_message_box: true
ftp_directory: ./logs/
ftp_interval: 60
injected_process: java.exe
install_dir: System32
install_file: svchost.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Please run as administrator!
message_box_title: Data Execution Problem
password: ALCOHOL101 (client/server connection password)
regkey_hkcu: Policies
regkey_hklm: Policies

Notes on the extracted values:
- Both C2 entries are dynamic-DNS names on a non-standard port (82); the resolved IPs can change between runs, so pivot on the hostnames rather than on any single IP.
- install_dir/install_file resolve to a svchost.exe under System32, the same name and directory as the legitimate service host, which is owned by TrustedInstaller. Do not treat the name or path as evidence of legitimacy: verify the hash and Authenticode signature, and note that a 32-bit dropper on 64-bit Windows is redirected by WOW64 to SysWOW64.
- regkey_hkcu/regkey_hklm = Policies selects the ...\CurrentVersion\Policies\Explorer\Run keys for persistence, which matches the "Adds policy Run key" signature below.
- enable_message_box with the "Data Execution Problem" / "Please run as administrator!" text is a decoy error dialog shown on first run; its wording invites the user to re-launch the sample elevated.
- keylogger_enable_ftp is false, so the keylogger is active but its logs stay local instead of being uploaded to the ./logs/ FTP directory at the configured ftp_interval.
Targets
Target: cfcee69cb1926bbbe9b6b9bff5529f59
Size: 413KB
MD5: cfcee69cb1926bbbe9b6b9bff5529f59
SHA1: 242e53f8611a91e868baae5652231ce2d26b044a
SHA256: 7a053ac887f88da4c3c4f07da216cd1b146d7ab9d6e8c008140c2e8f3fe49372
SHA512: de745f77e071d8eda60560306e691ccea960f77d4a2691e2113ec36ae2ca5c697fd4f75c6dc2b90c2ffb9262aa348b13b03b7a068f7a6d29c837e0051bc1c1bb
SSDEEP: 6144:LbQRMt41KYyd/6ubI6CTUP/OmZFemZeqA6FFecv0AjGV9KH6imusfjZMa:Lb61h86QhWMO1mMERvTG72Btxa
Signatures
- Adds policy Run key to start application (...\CurrentVersion\Policies\Explorer\Run, matching regkey_hkcu/regkey_hklm = Policies in the config)
- Modifies Installed Components in the registry (Active Setup: ...\Active Setup\Installed Components, which re-runs the registered command once per user at next logon)
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe, the VB.NET compiler, spawned as an execution host)
- Adds Run key to start application (...\CurrentVersion\Run)
- Suspicious use of SetThreadContext (consistent with process hollowing; the configured injected_process is java.exe)
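Worked example, added here and not part of the sandbox report or the sample's own code: the script below turns the extracted CyberGate config into indicators and runs them over constructed sample telemetry covering the C2 hostnames, the Policies run-key persistence, and the SetThreadContext injection into java.exe flagged in the signature list. The event schema, the mapping of the "Policies" setting to ...\Policies\Explorer\Run, and the dynamic-DNS-suffix rule are assumptions; map the field names to your own EDR or Sysmon data before using it.

```python
"""Turn the CyberGate config extracted above into indicators and run them
over constructed sample telemetry.

Added example for this report, not code from the sandbox or from the sample.
Assumptions: the event dictionaries use a made-up minimal schema rather than
a real Sysmon/EDR format; the "Policies" install key is taken to be
...\\CurrentVersion\\Policies\\Explorer\\Run; the dynamic-DNS-suffix rule is a
heuristic that will need tuning.
"""
import ntpath

# Values copied from the "Malware Config" section of this report.
CYBERGATE_CONFIG = {
    "version": "v1.07.5",
    "c2": ["missmollymars.dyndns.org:82", "togastand.zapto.org:82"],
    "injected_process": "java.exe",
    "install_dir": "System32",
    "install_file": "svchost.exe",
    "regkey_hkcu": "Policies",
    "regkey_hklm": "Policies",
}

# Assumption: CyberGate's "Policies" setting selects the Explorer policy Run
# key (consistent with the "Adds policy Run key" signature on this page).
POLICY_RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"


def build_indicators(cfg):
    """Derive lower-cased, matchable indicators from the extracted config."""
    hosts, ports = set(), set()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        hosts.add(host.lower())
        ports.add(int(port))
    return {
        "c2_hosts": hosts,
        "c2_ports": ports,
        # e.g. {".dyndns.org", ".zapto.org"}: same DDNS provider plus the same
        # port is a weaker, heuristic match for rotated C2 names.
        "ddns_suffixes": {"." + ".".join(h.split(".")[-2:]) for h in hosts},
        "policy_run_keys": {
            f"{hive}\\{POLICY_RUN_SUBKEY}".lower()
            for hive, setting in (("HKCU", cfg["regkey_hkcu"]), ("HKLM", cfg["regkey_hklm"]))
            if setting == "Policies"
        },
        "install_path_suffix": f"\\{cfg['install_dir']}\\{cfg['install_file']}".lower(),
        "injected_process": cfg["injected_process"].lower(),
    }


def match_event(event, ind):
    """Return a reason string if the event matches an indicator, else None."""
    kind = event.get("type")
    if kind == "dns":
        q = event["query"].lower().rstrip(".")
        if q in ind["c2_hosts"]:
            return f"DNS query for CyberGate C2 host {q}"
    elif kind == "net":
        host, port = event["dst_host"].lower(), event["dst_port"]
        if host in ind["c2_hosts"]:
            return f"connection to CyberGate C2 {host}:{port}"
        if port in ind["c2_ports"] and host.endswith(tuple(ind["ddns_suffixes"])):
            return f"heuristic: DDNS host {host} on C2 port {port}"
    elif kind == "reg":
        if event["key"].lower() in ind["policy_run_keys"]:
            data = event.get("data", "").lower().strip('"')
            if data.endswith(ind["install_path_suffix"]):
                return "policy Run value pointing at the dropped svchost.exe copy"
            return "write to Policies\\Explorer\\Run (rarely legitimate outside GPO)"
    elif kind == "thread_ctx":
        # ntpath handles the backslash paths even when run on Linux.
        src = ntpath.basename(event["source_image"]).lower()
        dst = ntpath.basename(event["target_image"]).lower()
        if dst == ind["injected_process"] and src != dst:
            return f"SetThreadContext from {src} into {dst} (configured hollowing target)"
    return None


def scan(events, cfg=CYBERGATE_CONFIG):
    """Run every event through the indicators; return [(index, reason), ...]."""
    ind = build_indicators(cfg)
    hits = []
    for i, ev in enumerate(events):
        reason = match_event(ev, ind)
        if reason:
            hits.append((i, reason))
    return hits


# Constructed sample telemetry, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "missmollymars.dyndns.org"},
    {"type": "dns", "query": "www.microsoft.com"},
    {"type": "net", "dst_host": "togastand.zapto.org", "dst_port": 82},
    {"type": "net", "dst_host": "update.example.org", "dst_port": 443},
    {"type": "reg", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "value": "HKCU", "data": r"C:\Windows\System32\svchost.exe"},
    {"type": "reg", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "thread_ctx", "source_image": r"C:\Windows\System32\svchost.exe",
     "target_image": r"C:\Program Files\Java\jre\bin\java.exe"},
    {"type": "thread_ctx", "source_image": r"C:\Program Files\Java\jre\bin\java.exe",
     "target_image": r"C:\Program Files\Java\jre\bin\java.exe"},
]

if __name__ == "__main__":
    for idx, why in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {why}")
```

The thread_ctx rule keys on the configured injected_process rather than on svchost.exe as the source, because the source image name is whatever the dropped copy was renamed to; the target (java.exe with no Java launcher as its parent or source) is the stable part of the behaviour.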