General

  • Target

    b42958ac08e2bb3f1af8ac52bab93faa80311879e66e64c43f4992b4cc7e2cf0

  • Size

    267KB

  • Sample

    221021-wthlnahfh5

  • MD5

    75675ab18ffb688664df276fe7008d20

  • SHA1

    fa29983d3a34266242863580eb1b6c4c53236b4c

  • SHA256

    b42958ac08e2bb3f1af8ac52bab93faa80311879e66e64c43f4992b4cc7e2cf0

  • SHA512

    4a6b7982b897a6391c506cbb8a3fdec7e0aab03b0700b0c90d49befc0d29c8233cc9cd630ef521f42af3eb11a4033b3a8e8e04ede63dc74a4671fe04af497655

  • SSDEEP

    6144:TkTmyyl3x/1c7kReB9s5RtXC5zPiksJI353UsOSeI/v6vIKAjv6S0Sa:oUF1Okcort+zZ/5RqOc+D6

Malware Config

Extracted

Family

cybergate

Version

v1.02.1

Botnet

Lammer

C2

virusss.no-ip.org:1413

Mutex

Pluguin

Attributes

  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    Drivers

  • install_file

    Gerenciador de áudio Realtek.exe (Portuguese: "Realtek Audio Manager.exe", a name chosen to pass as the legitimate Realtek audio utility)

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO. (Portuguese: "YOU HAVE BEEN HACKED ... YOUR SYSTEM WILL BE FORMATTED.")

  • message_box_title

    LAMMER

  • password

    123

  • regkey_hkcu

    FWEJ

  • regkey_hklm

    Java[TM] Update
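
The configuration above is a ready-made hunt list. The script below is an added example, not part of the sandbox report or of CyberGate itself: it matches the extracted C2 host and port, mutex, install directory and file name, Run-key value names and injected process against endpoint telemetry. The telemetry is constructed for illustration, and the Run-key locations and the system32 install base are assumptions about how CyberGate persists; the page only gives the names.

```python
"""Turn the CyberGate configuration above into host and network hunt logic.

Added example: the telemetry below is constructed, not output of the sandbox
run. Config values are copied from the page; the Run-key paths and the install
base directory are assumptions about where CyberGate writes them.
"""
import ntpath

# Indicators copied from the extracted config on this page.
CONFIG = {
    "c2_host": "virusss.no-ip.org",
    "c2_port": 1413,
    "mutex": "Pluguin",
    "install_dir": "Drivers",
    "install_file": "Gerenciador de áudio Realtek.exe",
    "regkey_hkcu": "FWEJ",
    "regkey_hklm": "Java[TM] Update",
    "injected_process": "explorer.exe",
}

# Assumption: regkey_hkcu / regkey_hklm are value names under each hive's
# Run key (the usual CyberGate persistence location; the page does not say).
RUN_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run": "regkey_hkcu",
    r"hklm\software\microsoft\windows\currentversion\run": "regkey_hklm",
}


def _same(a, b):
    """Case-insensitive comparison; Windows names, paths and hosts are."""
    return a.casefold() == b.casefold()


def check_registry(ev, cfg):
    """Autorun value names and the install path from the config."""
    hits = []
    cfg_key = RUN_KEYS.get(ev["key"].casefold())
    if cfg_key and _same(ev["name"], cfg[cfg_key]):
        hits.append(f"autorun value name {cfg[cfg_key]!r} under {ev['key']}")
    path = ev["data"].strip('"')  # Run data is often quoted
    if _same(ntpath.basename(path), cfg["install_file"]) and _same(
        ntpath.basename(ntpath.dirname(path)), cfg["install_dir"]
    ):
        hits.append(f"install path {path!r}")
    return hits


def check_dns(ev, cfg):
    """Dynamic-DNS C2: hunt on the name, the resolved IP can change."""
    return [f"C2 lookup {ev['query']}"] if _same(ev["query"], cfg["c2_host"]) else []


def check_netconn(ev, cfg):
    """Injected host process talking to the configured C2 port.

    The port alone is weak evidence; requiring the injected process narrows it.
    """
    if ev["dst_port"] == cfg["c2_port"] and _same(ev["process"], cfg["injected_process"]):
        return [f"{ev['process']} -> {ev['dst_ip']}:{ev['dst_port']} (C2 port)"]
    return []


def check_mutex(ev, cfg):
    """Mutex the implant creates so only one copy runs per host."""
    return [f"mutex {ev['name']!r} in {ev['process']}"] if _same(ev["name"], cfg["mutex"]) else []


CHECKS = {"registry": check_registry, "dns": check_dns,
          "netconn": check_netconn, "mutex": check_mutex}


def hunt(events, cfg=CONFIG):
    """Return one hit string per matched indicator across all events."""
    hits = []
    for ev in events:
        hits.extend(CHECKS.get(ev["type"], lambda e, c: [])(ev, cfg))
    return hits


# Constructed telemetry: true positives for each indicator, plus benign decoys.
SAMPLE_EVENTS = [
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "FWEJ", "data": r'"C:\Windows\system32\Drivers\Gerenciador de áudio Realtek.exe"'},
    {"type": "registry", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "Java[TM] Update", "data": r"C:\Windows\system32\Drivers\Gerenciador de áudio Realtek.exe"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "OneDrive", "data": r"C:\Users\ana\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "dns", "query": "virusss.no-ip.org"},
    {"type": "dns", "query": "update.microsoft.com"},
    {"type": "netconn", "process": "explorer.exe", "dst_ip": "203.0.113.10", "dst_port": 1413},
    {"type": "netconn", "process": "chrome.exe", "dst_ip": "203.0.113.10", "dst_port": 443},
    {"type": "mutex", "process": "explorer.exe", "name": "Pluguin"},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print("HIT:", hit)
```

Each registry event can produce two hits (value name and install path) because either one alone is worth following up: an operator who rebuilds the sample with a new file name keeps the same value names, and vice versa.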

Targets


    • CyberGate, Rebhip

      CyberGate (detected by some vendors as Rebhip) is a Delphi-based Windows remote access trojan marketed as a "remote administration tool". Each build embeds a configuration of the kind extracted above: C2 host and port, mutex, install directory and file name, Run-key value names and the process to inject into. Its capabilities include keylogging with optional FTP upload of the logs, process injection and persistence through HKCU and HKLM Run keys.

    • UPX packed file

      The executable is packed with UPX, the open-source packer, or a modified build of it. The hashes above therefore identify the packed file; static signatures will see the packer stub, not the payload, which has to be unpacked before the CyberGate configuration can be read.
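
The UPX signature can be reproduced from the PE section table. The script below is an added example, not the sandbox's own detection logic: it parses a PE's section headers and reports three indicators of UPX, the UPX0/UPX1 section names, the "UPX!" magic of the stub's l_info header, and the packer layout where the first section has a virtual size but no raw data. The layout check is what survives when a modified UPX renames its sections. The PE images it checks are constructed minimal headers, not the sample on this page.

```python
"""Detect UPX and renamed-UPX packing from a PE's section table.

Added example. The PE images built below are constructed minimal headers
(DOS stub, COFF header, empty optional header, section table), not the sample.
"""
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")


def parse_sections(data):
    """Return [(name, virtual_size, raw_size)] from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        fields = SECTION_HEADER.unpack_from(data, table + i * SECTION_HEADER.size)
        sections.append((fields[0].rstrip(b"\0"), fields[1], fields[3]))
    return sections


def upx_indicators(data):
    """Reasons this PE looks UPX-packed; an empty list means none found."""
    sections = parse_sections(data)
    reasons = []
    upx_names = [s[0] for s in sections if s[0].startswith(b"UPX")]
    if upx_names:
        reasons.append("UPX section names: " + ", ".join(n.decode("ascii", "replace") for n in upx_names))
    if b"UPX!" in data:  # l_magic of the stub's l_info header; a plain byte scan
        reasons.append("'UPX!' l_info magic present")
    # Stock and renamed UPX share a layout: the first section has no raw data
    # (it is the destination of the unpacked image), the second holds the payload.
    if len(sections) >= 2 and sections[0][2] == 0 and sections[0][1] > 0 and sections[1][2] > 0:
        reasons.append("first section has VirtualSize but zero SizeOfRawData (packer stub layout)")
    return reasons


def build_pe(sections, trailer=b""):
    """Constructed minimal PE for demonstration: headers and section table only.

    sections: (name, virtual_size, virtual_address, raw_size, raw_ptr, characteristics)
    """
    opt_size = 0xE0  # IMAGE_OPTIONAL_HEADER32 size
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zero
    table = b"".join(
        SECTION_HEADER.pack(name.ljust(8, b"\0"), vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rawsize, rawptr, chars in sections
    )
    return dos + coff + optional + table + trailer


# Stock UPX: named sections, empty UPX0, stub magic in the file body.
PACKED = build_pe([
    (b"UPX0", 0x10000, 0x1000, 0, 0x400, 0xE0000080),
    (b"UPX1", 0x8000, 0x11000, 0x7800, 0x400, 0xE0000040),
    (b".rsrc", 0x1000, 0x19000, 0x800, 0x7C00, 0xC0000040),
], trailer=b"\0" * 16 + b"UPX!" + b"\0" * 16)

# Modified UPX: sections renamed and magic stripped, layout unchanged.
RENAMED = build_pe([
    (b".code", 0x10000, 0x1000, 0, 0x400, 0xE0000080),
    (b".text", 0x8000, 0x11000, 0x7800, 0x400, 0xE0000040),
    (b".rsrc", 0x1000, 0x19000, 0x800, 0x7C00, 0xC0000040),
])

# Ordinary compiler output: every section backed by raw data.
CLEAN = build_pe([
    (b".text", 0x5000, 0x1000, 0x5000, 0x400, 0x60000020),
    (b".data", 0x1000, 0x6000, 0x800, 0x5400, 0xC0000040),
    (b".rsrc", 0x1000, 0x7000, 0x800, 0x5C00, 0x40000040),
])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, upx_indicators(image))
```

On a real file call upx_indicators(open(path, "rb").read()). The byte scan for "UPX!" is the weakest of the three checks and can match unrelated data; the section-layout check is the one to rely on when a packer has been customised.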
