Overview

overview

10

Static

static

3

1d4b18074a...22.exe

windows7-x64

10

1d4b18074a...22.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    04-12-2024 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe

  • Size

    2.1MB

  • MD5

    bee0398363217eaedbdee4b83e5909fd

  • SHA1

    eeaf4acab9a4d247bb3513110dfffe370301763e

  • SHA256

    1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622

  • SHA512

    da608822c3c570f8fe62a10d0b76ed3c706271ff7f22c4ee7c844a5b5e9af48c736d8cf12a393ba3d390e6dd3ed70b26c43a1ab60061812661855fb6183ae22b

  • SSDEEP

    49152:qtACGnO8DYVanUCV9RR2z9TRAiuLjFIWgUWPt5lVU0Eo:qtQnOaUC3q9ojMfP00Eo

Score
10/10
cybergatevítima 4shareddiscoveryevasionstealertrojan

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

vítima 4shared

C2

lucasgusmao.no-ip.org:2000

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • ftp_password

    123654

  • ftp_port

    21

  • ftp_server

    ftp.server.com

  • ftp_username

    ftp_user

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    true

  • message_box_caption

    Falta de DLL ,Instale a DLL e Reinicie o PC... complemento comdl32.ocx

  • message_box_title

    Error!!!

  • password

    123654

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate
  • Cybergate family
    cybergate
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 1 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe
    "C:\Users\Admin\AppData\Local\Temp\1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Users\Admin\AppData\Local\Temp\1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe
      C:\Users\Admin\AppData\Local\Temp\1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe
      2⤵
      • UAC bypass
      • Windows security bypass
      • Windows security modification
      • Checks whether UAC is enabled
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2532
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2588
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a325a1bc4c5f85774b1c827a2fc09543

    SHA1

    4a7b77c70de79ef74229af86638c7d86bceb8bd3

    SHA256

    9a0537733d01df06892c3e8c8c2b9103e28253aca927208874c15993c18f47f7

    SHA512

    5f26f87a30b0b5309f6cc040bf1c9299af2a28e7bc3114f3c48ad4917cb1d072716b80856e45e20f1edeafb6bf9590903a9e777c54e9633cf7d8767b4496269b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f7a22ec86537b60da1a879ca934d43d

    SHA1

    869d9493966ab2da0f9024cd751488028a8e036d

    SHA256

    0b40b06bd2550c6f766b62a03c9b73b2209e8ab280cf36d2d90924d04e957969

    SHA512

    946ad6a21729bbaee37ee5c224aad677e8255624a3269743452109df484563dfe9c1f3cc7b5cc5a81cbed26b6856a66fc187c97dac9742c16aa2e48d1f0dbc2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc2c3747987ecdb5abcdb4fd8b422e8a

    SHA1

    e8376dca5895e9645c099b5c7e9422189d6d931c

    SHA256

    423e0e60b89d4a24c45e2afe9fa3213c6e6833425a08421e8c1121a53a4e2092

    SHA512

    8d0b3144775f8e41f7bca587a33513844d7fd6a5ee11c0a50c612f496d879fdca996e624aac90dd950736f1de3af0124ccfcb25655dc1133235619692284a940

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1ccc8e5275493e0d393d789f9dacfb4

    SHA1

    296a447e4e60ec478f0444bb22880e0054739b99

    SHA256

    23f53a04490138ab164d33f429157f1884bc5eed44508e5a3069c9101e4b3a82

    SHA512

    b624cc012cb1e42e9962b14293bbb9bbd0bb2e0b77a7149a17721745a6a468d6aff0068e893cf071c04344407ec3fe9b34df9ce76ad15a8dfc554135c3f121e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fba90085c0b2c8c7d6df265b0fcf58bb

    SHA1

    fa4afa499ec1c02eea28315b32c4c355b8834199

    SHA256

    325de19bb09d12728072cfd19b8bc877373e45b25f9d3e0f3dbca031eb9fbb87

    SHA512

    b4ae5b5140f6e320896060374ee3bc54eb5122ce1aa0a6fa183dff82a675402cddca80fc9e5516113994ce3cd6976461dadf16814589f0f9f539432bff909b78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06f586746c5545d12971de1a908afd1d

    SHA1

    4f919c828cd1b7a8e13bb88f6a8a920ec6264866

    SHA256

    2ae90bafa5d62904f014b4e837d48d712399a9cedce90e4622035cf6cb7b75d8

    SHA512

    092207a2945381d39e40f5e617a5642a4bdd863d23e4aab01536ed006c608514202ce73dcc2ca54d48bd4a7b90bcdb178080c981b0629d12deb191a121ff9c49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57661aa35e34b8fe4d07d4eba6d2ba5b

    SHA1

    9086755c327bfba0234e019586d4ce376e8d664d

    SHA256

    c46652182304e70e3d71543ffdffd41cf83c88d5d6a3f2fcf97bc9c9fd3091e2

    SHA512

    2b96cf2944c339fad18c425e2ee8838f3b2306076f0bcd6adeeb5d33005af3f2492f4421c7b9d0b104daac42b73902c5279deb746fce8effb122b1a8b6398d45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cb5268f910b43f9356b60cb2f02bd57

    SHA1

    bcbf9e766ba36a3631ca6b17eb4c19fe9a6c1078

    SHA256

    861c91b7a07c5ce514923ee0bcba5d7df282b5429b893dd4fca6d4dbdbbf7c7d

    SHA512

    af8387b1656ab9f08c905f7c3d8d6ec1f8550776b7405acb397ceff054ec8f4cf02af2b9f5dce927e9625916546388dcd01f39432f1f2e6259199bf238337942

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a559c8e38db0a3e705c43cf9145574b

    SHA1

    9b5c6c6b5fd5bbb047b807805cb42e595fe9c408

    SHA256

    e544b3f670f2e23aee3e8d8dd1855c5807d4475d575452407c80834e605f816a

    SHA512

    77f51e228327f337da1e05a7f81ee37c1f0280de445ff1dc105af19a9fbc8d20f56601a3465255a4334554665e310de7813490d8a3c2ab7f43b0618345a8274a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68eeeb3fe0d37466ea7053f62b215603

    SHA1

    82d3e8a31119b456572a187ab79335919f2af6ed

    SHA256

    38c7b50b8286080c0da828650d231ba82d8dbd9b094eba10d9271a955a47ffb6

    SHA512

    c0a9b5cf90bbf216c82a6fead5ff2341fa85d4cfbcfa503b3d08bebcabd4c242b6f32390d32e83a44e8e25bfd48dc0b41d301d263ca52f1a7ce4d34421d0009f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5883002ae216dc4fc7e559112d9e82b3

    SHA1

    2fe85f000f2defd2a9489d74ba074582411c966c

    SHA256

    a844839329709e9ceb9a04004007900a9c960a6f25c3b504be938014bb854dd0

    SHA512

    03d37a44f04066a44d588637b6e6609d5b45680d90068f1fd297fdc9516f8d964c1d71db48593e41b24322bc980494923c3c8210609b1f440e7899b515ef926a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bde4dbe484ed149541ae0a15dc6d7bf

    SHA1

    4cfe3ffacacb05fe632b25fbe6312dbe515df9a8

    SHA256

    1a563301d92c5d482d6b209c3bace7c8661b01b71a89a2136d52fb6d180afd15

    SHA512

    b71a7a45da195453e1cfe9abbc6ccfa067cbd62f7519ccc6e7ff2609262ac2670a847b77f9373ae80a1f3a6cb74d98e83b65e1c91870a19f963635e7789b3389

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    596d7900fd3001b9787cea609bbde4aa

    SHA1

    cb49a8bad931fa808674b7540c1348bf8a15f035

    SHA256

    91a4c952017c3ac454b0d16d14211afdd29838636bea0965590e6a4fe4c111ba

    SHA512

    8ad4da3076ea632b3c309fa1a2f34c634aa184b430bf0eb8a305aa9695ac033d7f29cb944afab724560ccd4807b6127e7730b9aa434120f55a145a2d856ab8a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06914bb7189f445c32f84f8320400a95

    SHA1

    86823e6dc34862041d06ae537df1f0c45c7bb44d

    SHA256

    773aac6ee5e140fcc25b4dd589c907c16f1e7cb4d81a56795b7ad8b5910b5255

    SHA512

    3a5126474286da71f2e38054d067c98424e346e38e9f904a75823631c4620ce54fe1d0d2fefe2c310e0551416562519d19d0b9f7058fafcbb675993b72b609d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c17e35c16efcc30dc9d6b77f0e354e35

    SHA1

    dcdd12d5c35e50ab9142d726dbc33e69ac010973

    SHA256

    7e5d63d4190594e3cece66f6625ced59832525318a33899d38a9ab5b54e539cc

    SHA512

    0ce503483de63fffc9713ef0e4ad64f2146019bffb2f9f2a1e2c8b1535951d4d80f52bd5fb41b6c218eb9356bfde4cb643d8ee46c48f94f532fd5a97ecb1a9cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c85f299f465bbbcb979c6bf744d15052

    SHA1

    c6b0453866823a97fd52fcbf849af4f0e760686f

    SHA256

    d52f7cbc9b9d2549d757f8c8faed4070349dc8f1d5b3ce11346404264aacf185

    SHA512

    ed52143213510e02842c998aa7fdd3b3279b114f130f338ca8108bc696955142df99dd176e665e05a71cea1b487a9b6d36d3f175e93c2bd88061649a455e0744

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc2d447fc3c31e5b0a8f640c8631754f

    SHA1

    517694928b91ba60ddc220bf572f3df968843669

    SHA256

    a9c2baa5fff65a948d2fa1fad3f0b54133c8205d705e3334451ae6d7b84b5d15

    SHA512

    4a00e0b127bb8267dbe76e935491b909c577d1aa38f668cb65f7da47d2767812ca0e8ea37aa39e8850b4d1bd471f12001067a1647f1da94ad6a4563c4341bcba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4424bca4800dce336877e1e168e4d535

    SHA1

    08bd97e64c704782e9b3c44ddc2720cd199d8ac3

    SHA256

    36b15127abd9308e32a1c9d23780218d62a451694e014df6c79737e23a045a3c

    SHA512

    19176fc5e502ef1129e7f6bb831631646fe7d51ce4018b96b8b03b8ff6fc82fe9d242ae16605f486abd865cd199d763e3d0fa0e8f379f18ce144fa9359b87250

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d488709168590c24e08ae0764c1709ae

    SHA1

    15cb6251c1a2a5369385e4370d167baf3da40547

    SHA256

    d470f0681563fde090e5c5c2f6afff7fdb5a8ce55cb8ce86efa3b2f829ca65f5

    SHA512

    0eb938a657ac1b26bad030397baeecfe5470ec49c34e588a620b492957a6c79f50947369f09f8b3dc175ecffa49168f0ef0ad501fb207474bc8a01d0066c4fac

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE31F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE3D0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2172-15-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2172-1-0x0000000000320000-0x0000000000322000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2172-16-0x0000000002050000-0x0000000002119000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2172-13-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2172-0-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2532-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-4-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2532-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2532-2-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2532-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2532-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2532-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2588-21-0x0000000000400000-0x00000000004AA000-memory.dmp

    Filesize

    680KB

    Download