General
Target: d4dfb2b31675c0cb52b79c62df302e07
Size: 312KB
Sample: 240319-bxna4aee5y
MD5: d4dfb2b31675c0cb52b79c62df302e07
SHA1: 7f6e63b63b5afd067f61fabcab8da273a24f26a0
SHA256: 6907e4bc6c2908d39ea2a745b1e86aad2ec1ad76bb9a8f559ca5ee55931407a8
SHA512: 6f5259822b06c834b4c49ea7204721a51bc10e44758b473d89205cef1459451b69fefb1dbd3994506c7377256c7595cf38966fbfd124a1c51df12fd4420fff6c
SSDEEP: 6144:KvkamA2MKgT8KbZ1ZO0MS1lxTgstF3LO6U8j5lB+oosThXe2:KvkaVRl8k/ZOq5PtFLV5lUoRb
Tasks
Static task: static1
Behavioral task: behavioral1
Sample: d4dfb2b31675c0cb52b79c62df302e07.exe
Resource: win7-20240221-en
Malware Config
Extracted family: cybergate
Version: 2.6
Campaign ID: ÖÍíÉ
C2: 127.0.0.1:288
Mutex: ***MUTEX***
enable_keylogger: false
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: svchost.exe
install_file: windows.exe
install_flag: false
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
Targets
Target: d4dfb2b31675c0cb52b79c62df302e07 (312KB; hashes as listed under General)

Signatures
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext