General
Target: VirusShare_44199303392409f2aca084293872a144
Size: 460KB
Sample: 240610-nfwmcshd37
MD5: 44199303392409f2aca084293872a144
SHA1: 3a411e07e4e49cef1b873e107257fe509136e911
SHA256: 2618027d4d30b7fffe6dee99350935d484af8c2b947fff2a9691cd1a9856e3c8
SHA512: 4ce04e755f746f855ab7316e1b98fb786f338f5c79f615e0ef695356c5788126c0c26ff341b1595307fd2c306803c2c82176daf4428e81e5b77b80cf6575c183
SSDEEP: 6144:EMcTilOozA4VEpTK5wSIOGrGpgvcRm8l6oUdg/OQl:EMJPzA4VEm+mgv8l6oUdgmQl
Static task: static1
Behavioral task: behavioral1
Sample: VirusShare_44199303392409f2aca084293872a144.exe
Resource: win7-20240508-en
Malware Config
Extracted: cybergate v1.07.5
remote: badboyownz.no-ip.info:40037
GIHARJ1LDMAOYJ
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: SearchIndexer.exe
install_dir: Adobe
install_file: Flash.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: 123456
regkey_hkcu: Windows Explorer
regkey_hklm: Windows Update
Targets
Target: VirusShare_44199303392409f2aca084293872a144
Signatures
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext