General
Target: cda090605756353487efb74c37b40c73731b0f980ec553aadaadf249655aaf25
Size: 316KB
Sample: 240908-c1p5jascqb
MD5: d05586d3462869167af5506a8df528e1
SHA1: b0e574f17014c81fd50d3e7ed052a35b0d964a88
SHA256: cda090605756353487efb74c37b40c73731b0f980ec553aadaadf249655aaf25
SHA512: ef4cd57dad564035463a6a27f3e46ca967f1a0725ca0662a3037fa440e97dead0e66f1a0136233445b136a1d630603b9bb31c2c41b93847742dc39aebe4f58f5
SSDEEP: 6144:HJ+UamQn0rlydE8Z/xp4dnY/ATDgKGKn+JA2YZRX+mW45yMn7bA:eE8Z/xpQY/mGKL+mWvuU
Static task: static1
Behavioral task: behavioral1
Sample: cda090605756353487efb74c37b40c73731b0f980ec553aadaadf249655aaf25.exe
Resource: win7-20240903-en
Malware Config
Extracted
cybergate
2.6
vítima
kurdan.no-ip.info:3436
***MUTEX***
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: svchost.exe
install_file: svchost.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext