General

Target: Spy-Net v2.6.zip
Size: 2.3MB
Sample: 240629-yfvp6svamd
MD5: 6dc430b1b145bda0be280796985c753a
SHA1: 417d0f8f8a92bca754357e4fa6d484361c408af3
SHA256: 1e1295e589fc37cc1f51b0f5716a33800d426af471cbf40231ed1e1dba9bf72a
SHA512: 5d3b501a514a0ac61738e708d5a95fab43ea97a4bc808633475a0e41515876808d039866d8d88b81f98840100b3e32da7483e373824be4ad71007bd29b666476
SSDEEP: 49152:fEb/PuDXuG1D0FKxovR/fyjIe61BKfnhPg5acJjb7ND69a3D4Dg:fEbn6uGyFLp3yjI/O4IwjkPg
Behavioral tasks

behavioral1: Spy-Net v2.6/Spy-Net v2.6/SpyNet.exe (resource: win10v2004-20240508-en)
behavioral2: Spy-Net v2.6/Spy-Net v2.6/server.exe (resource: win10v2004-20240508-en)
behavioral3: Spy-Net v2.6/Spy-Net v2.6/sqlite3.dll (resource: win10v2004-20240508-en)
Malware Config

Extracted family: cybergate
Version: 2.6
ID: vítima (Portuguese, "victim")
C2: 127.0.0.1:81 (loopback address, so the stub has no reachable controller and no C2 traffic can be observed in this run)
Mutex: ***MUTEX***
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem (Portuguese, "message text")
message_box_title: título da mensagem (Portuguese, "message title")
password: abcd1234
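Because the C2 in this config is loopback, any detection built from it has to lean on host artifacts (mutex, injected process, dropped file name) and on the file hashes above rather than on network indicators. The following is an added example by the editor, not code from the sandbox vendor or from the sample: the hash table and the config dict are transcribed from the report, while the key names returned by host_indicators() and the routability heuristic in c2_is_routable() are this example's own assumptions.

```python
"""Triage helpers around the IOCs and CyberGate config in this report.

Added example (editor's own code, not the sandbox vendor's or the sample's):
the hash table and config dict are transcribed from the report above; the
key names in host_indicators() and the routability heuristic are this
example's assumptions.
"""
import hashlib
import ipaddress
from pathlib import Path, PureWindowsPath

# SHA256 -> artifact name, as listed in the report.
REPORT_SHA256 = {
    "1e1295e589fc37cc1f51b0f5716a33800d426af471cbf40231ed1e1dba9bf72a": "Spy-Net v2.6.zip",
    "e4b3b3e72bd3bf4052a3136cb811ea54923bc2d7807709992e0345743d49ced8": "SpyNet.exe",
    "e69d0aa27378192017324d6748de04c9024a2254b599e93c22815e145b28dbc2": "server.exe",
    "33eb31a2a576e663474a895ff0190316c64a93d9ce05a55df0d53f9beeb61163": "sqlite3.dll",
}

# The extracted CyberGate 2.6 config, transcribed from the report.
CYBERGATE_CONFIG = {
    "family": "cybergate",
    "version": "2.6",
    "id": "vítima",
    "c2": "127.0.0.1:81",
    "mutex": "***MUTEX***",
    "enable_keylogger": True,
    "enable_message_box": False,
    "ftp_directory": "./logs/",
    "ftp_interval": 30,
    "injected_process": "explorer.exe",
    "install_dir": "install",
    "install_file": "server.exe",
    "install_flag": True,
    "keylogger_enable_ftp": False,
    "message_box_caption": "texto da mensagem",
    "message_box_title": "título da mensagem",
    "password": "abcd1234",
}


def hashes_of_bytes(data):
    """md5/sha1/sha256 hex digests of a byte string (three of the four hashes the report lists)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def file_hashes(path):
    """Hashes of a file on disk; a whole-file read is fine for samples of a few MB."""
    return hashes_of_bytes(Path(path).read_bytes())


def lookup_report_ioc(sha256_hex):
    """Artifact name from the report whose SHA256 equals sha256_hex, or None."""
    return REPORT_SHA256.get(sha256_hex.lower())


def c2_is_routable(c2):
    """False when the host:port endpoint is loopback, private or link-local.

    A hostname (not an IP literal) is treated as routable, since it resolves at run time.
    """
    host, _, port = c2.rpartition(":")
    if not port.isdigit():
        raise ValueError(f"bad C2 endpoint: {c2!r}")
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return True
    return not (addr.is_loopback or addr.is_private or addr.is_link_local)


def host_indicators(cfg):
    """Host artifacts worth hunting for, derived from a CyberGate config.

    The returned key names are this example's own, not CyberGate's.
    """
    ind = {
        "mutex": cfg["mutex"],
        "injected_process": cfg["injected_process"],
        "keylogger": cfg["enable_keylogger"],
        "c2_routable": c2_is_routable(cfg["c2"]),
    }
    if cfg["install_flag"]:
        # The report gives only the relative tail install\server.exe, so hunt on
        # the tail rather than on a full path.
        ind["dropped_file"] = str(PureWindowsPath(cfg["install_dir"]) / cfg["install_file"])
    if cfg["keylogger_enable_ftp"]:
        ind["ftp_exfil_dir"] = cfg["ftp_directory"]
    return ind


if __name__ == "__main__":
    import sys

    print(host_indicators(CYBERGATE_CONFIG))
    for p in sys.argv[1:]:
        print(p, "->", lookup_report_ioc(file_hashes(p)["sha256"]) or "no match")
```

Run it with one or more file paths to check them against the report hashes; with no arguments it only prints the derived host indicators for the config above, in which c2_routable comes out False.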
Targets

Target: Spy-Net v2.6/Spy-Net v2.6/SpyNet.exe
Size: 2.0MB
MD5: 98de7bcad1ba2caf74007bd97bc2b505
SHA1: 8a79d06159a339313b810f23835b8417429dd356
SHA256: e4b3b3e72bd3bf4052a3136cb811ea54923bc2d7807709992e0345743d49ced8
SHA512: ef57cc4f0ad4bf1f54baaf7213bf868c418eebfb0eee3c32ff376b67d5d5337c35a94a1418951d82aae371820ce37eade7cf0a74ce54a4198e18327bd232a35d
SSDEEP: 49152:GhwHJZqdp7orGOA0jhE6wSZCTIzY7wXSxQ5E+X6Oftn/Z9s0K:GhwHJZUp7orG90NE6KIM7wXr5EI6OR/7
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Target: Spy-Net v2.6/Spy-Net v2.6/server.exe
Size: 276KB
MD5: 8bc332cc10a39d51339fd05b28c9548f
SHA1: 2418e22e95966786d2fcd4a086fa5ffbf099f55a
SHA256: e69d0aa27378192017324d6748de04c9024a2254b599e93c22815e145b28dbc2
SHA512: dbb62e502fd7fc8e5c9a37da78a01d444cf87428f841dbe8ff18d54c4088e9ab92edb921b74a59c0e274ae647ed703a0afdce47739616865b59eeee1e7de05b4
SSDEEP: 6144:Ck4qm47Ag4phnrxg/3mwvuzTMD7XmE1o+5kjoMY6Ox:99nqhndwEzgHjG
Signatures:
- Adds policy Run key to start application: writes a value under the Policies\Explorer\Run registry key, which Explorer launches at logon (ATT&CK T1547.001).
- Boot or Logon Autostart Execution: Active Setup: adversaries may achieve persistence by adding a registry key under Active Setup\Installed Components of the local machine; its StubPath command runs once per user at logon (ATT&CK T1547.014).
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
Target: Spy-Net v2.6/Spy-Net v2.6/sqlite3.dll
Size: 171KB
MD5: 744dcc4cbbfbb18fe3878c4e769ec48f
SHA1: c1f2c56ee2d91203a01d3465f185295477a1217d
SHA256: 33eb31a2a576e663474a895ff0190316c64a93d9ce05a55df0d53f9beeb61163
SHA512: 706630be2ca09e574a7794e32e515a0a3f993643d034647b8cb976c1e7045e87e30362757cc65fcdb95f4a4327f0dcda3edc82ba84e5ed9115870a037e13af21
SSDEEP: 3072:4yOtgCNPbAHuzueAlwsKmiiEHpmBt7tjBwHH1ELXvSsmB8teUOhKJz4ZKJNCT1xe:FOtRsOz2xKmGH8JBwn+2smB1Uf8Kurb
Score: 7/10
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Boot or Logon Autostart Execution, T1547 (2)
    Registry Run Keys / Startup Folder, T1547.001 (1)
    Active Setup, T1547.014 (1)
Privilege Escalation
  Boot or Logon Autostart Execution, T1547 (2)
    Registry Run Keys / Startup Folder, T1547.001 (1)
    Active Setup, T1547.014 (1)
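The two persistence techniques in this matrix (and in the server.exe signatures above) both leave a registry value whose data is a command line, so they can be hunted in a registry export. The following is an added example by the editor, not code from the sandbox vendor or from the sample: it parses a .reg export, collects every Active Setup StubPath, Run, RunOnce and Policies\Explorer\Run entry, and flags those whose image runs from outside the Windows or Program Files trees or whose file name matches the extracted install_file. The embedded export is constructed for the example, including its GUIDs and the C:\Users\victim\AppData\Roaming\install\server.exe path (the report gives only the relative install\server.exe and does not name the value written under the policy Run key).

```python
"""Hunt Active Setup / Run-key autostart entries in a .reg export.

Added example (editor's own code, not the sandbox vendor's or the sample's).
SAMPLE_REG below is constructed: the GUIDs, the victim profile path and the
value names are assumptions, not values observed in the report.
"""
import re

RUN_KEY_SUFFIXES = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
    "\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run",
)
# Directories a legitimately installed autostart binary is expected to run from.
TRUSTED_DIR_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
WATCH_FILENAMES = {"server.exe"}  # install_file from the extracted CyberGate config

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-0000-4000-8000-000000000001}]
@="Constructed benign component"
"StubPath"="%SystemRoot%\\system32\\ie4uinit.exe -UserConfig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-0000-4000-8000-000000000002}]
"StubPath"="C:\\Users\\victim\\AppData\\Roaming\\install\\server.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"="C:\\Users\\victim\\AppData\\Roaming\\install\\server.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /silent"
"""


def unescape(s):
    """Undo .reg escaping: each backslash protects the character after it."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse a .reg export into {key: {value_name: data}}.

    String data is unescaped; other types (dword:, hex:) keep the raw right-hand side.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if m is None or current is None:
            continue
        name = "@" if m.group(1) == "@" else unescape(m.group(2))
        data = m.group(3)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = unescape(data[1:-1])
        keys[current][name] = data
    return keys


def autostart_entries(keys):
    """Yield (key, value_name, command) for each Active Setup StubPath or Run-type value."""
    for key, values in keys.items():
        k = key.lower()
        if "\\active setup\\installed components\\" in k:
            for name, cmd in values.items():
                if name.lower() == "stubpath" and cmd:
                    yield key, name, cmd
        elif k.endswith(RUN_KEY_SUFFIXES):
            for name, cmd in values.items():
                if name != "@":
                    yield key, name, cmd


def command_image(cmd):
    """Executable path from a command line: the quoted token, else up to the first .exe."""
    m = (re.match(r'^"([^"]+)"', cmd)
         or re.match(r"^(.+?\.exe)(?=\s|$)", cmd, re.I)
         or re.match(r"^(\S+)", cmd))
    return m.group(1) if m else cmd


def expand_env(path):
    """Minimal %SystemRoot%/%windir% expansion; assumes the default C:\\Windows."""
    return re.sub(r"%(systemroot|windir)%", r"C:\\Windows", path, flags=re.I)


def suspicious(entry):
    """Reasons an autostart entry deserves a look; empty list means nothing flagged."""
    _key, _name, cmd = entry
    image = expand_env(command_image(cmd)).lower()
    reasons = []
    if image.split("\\")[-1] in WATCH_FILENAMES:
        reasons.append("image name matches extracted install_file")
    if not image.startswith(TRUSTED_DIR_PREFIXES):
        reasons.append("image outside Windows/Program Files")
    return reasons


def hunt(reg_text):
    """All flagged autostart entries in a .reg export, in file order."""
    findings = []
    for entry in autostart_entries(parse_reg(reg_text)):
        reasons = suspicious(entry)
        if reasons:
            findings.append({"key": entry[0], "value": entry[1],
                             "image": command_image(entry[2]), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_REG):
        print(f["key"], f["value"], f["image"], "; ".join(f["reasons"]))
```

Exports written by regedit or reg.exe are UTF-16LE with a BOM, so read a real file with open(path, encoding="utf-16") before passing it to hunt(). The constructed export yields two findings (the second Active Setup component and the Policies\Explorer\Run value) and leaves the two entries under the Windows and Program Files trees unflagged.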