General
-
Target
55d4806c35d5ecb57cbc2915c16c48600ac9a01303d97f3a97c1eed6bb1f3824
-
Size
1.1MB
-
Sample
221106-ks6fjscfc3
-
MD5
295186d521efde600fe65a53a8649ff0
-
SHA1
a5d068dd8955fc29427298c9d5f2044d3b2a7114
-
SHA256
55d4806c35d5ecb57cbc2915c16c48600ac9a01303d97f3a97c1eed6bb1f3824
-
SHA512
f6ef927e49567b21a7ff2b914a8d7837fc3060914a97467b9b29b6c58c4ddca68c4042830f1f37a2ddc77653f0c02f652221ce587e97eb0be56cc6ae85c4fef9
-
SSDEEP
24576:7zStYF/AiO8FbIZB1WiQXhF905CtBkV0Hf4Rl4NPtkDrT3lww2l/3:7zAYV8H4hn0KBkVEf4gNPtkCjJ
Static task
static1
Behavioral task
behavioral1
Sample
55d4806c35d5ecb57cbc2915c16c48600ac9a01303d97f3a97c1eed6bb1f3824.exe
Resource
win7-20220812-en
Malware Config
Extracted
cybergate
v1.02.1
Lammer
patinhosmill.ddns.net:2000
Pluguin
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Microsoft
-
install_file
Pluguin.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO. (Portuguese; in English: "YOU HAVE BEEN HACKED ...YOUR SYSTEM WILL BE FORMATTED.")
-
message_box_title
LAMMER
-
password
123
-
regkey_hkcu
Avirnt
-
regkey_hklm
skypeupdate
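The extracted configuration above is enough to derive host and network hunt checks. The following Python is an added example, not part of the sandbox report and not CyberGate code: the configuration values are copied from this page, while the registry locations (the standard Run, policy Run and Active Setup "Installed Components" keys, chosen because the report only names those three mechanisms), the parent directory of the install path, and the pipe-separated telemetry lines are assumptions and constructed sample data.

```python
"""Hunt checks derived from the CyberGate configuration extracted above.

CONFIG is copied from the page. PERSISTENCE_KEYS and SAMPLE_EVENTS are
assumptions / constructed sample data for illustration only.
"""
import re

# Copied from the extracted configuration on this page.
CONFIG = {
    "c2_host": "patinhosmill.ddns.net",
    "c2_port": 2000,
    "install_dir": "Microsoft",
    "install_file": "Pluguin.exe",
    "injected_process": "explorer.exe",
    "regkey_hkcu": "Avirnt",
    "regkey_hklm": "skypeupdate",
}

# Assumption: the report only names the mechanisms ("Adds Run key",
# "Adds policy Run key", "Modifies Installed Components"); these are the
# standard registry locations for them, not paths quoted by the page.
PERSISTENCE_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
    r"software\microsoft\active setup\installed components",
)

# Constructed telemetry (not output of any real tool):
#   REG|key|value_name|data   and   NET|src|dst_host|dst_port
SAMPLE_EVENTS = [
    r"REG|HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Avirnt|C:\Users\lab\AppData\Roaming\Microsoft\Pluguin.exe",
    r"REG|HKLM\Software\Microsoft\Windows\CurrentVersion\Run|skypeupdate|C:\Users\lab\AppData\Roaming\Microsoft\Pluguin.exe",
    r"REG|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|OneDrive|C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    r"NET|10.0.0.5|patinhosmill.ddns.net|2000",
    r"NET|10.0.0.5|patinhosmill.ddns.net|443",
    r"NET|10.0.0.5|example.com|443",
]


def check_registry(key, value_name, data):
    """Return the reasons a Run / Active Setup write matches the config ([] if none)."""
    reasons = []
    if not any(p in key.lower() for p in PERSISTENCE_KEYS):
        return reasons
    names = (CONFIG["regkey_hkcu"].lower(), CONFIG["regkey_hklm"].lower())
    if value_name.lower() in names:
        reasons.append(f"value name {value_name!r} matches regkey_hkcu/regkey_hklm")
    # Match on file name and the immediate parent directory only: the config
    # gives install_dir/install_file but not the root they are placed under.
    parts = [p.lower() for p in re.split(r"[\\/]", data) if p]
    if parts and parts[-1] == CONFIG["install_file"].lower():
        reasons.append(f"launches install_file {CONFIG['install_file']}")
        if len(parts) >= 2 and parts[-2] == CONFIG["install_dir"].lower():
            reasons.append(f"from install_dir {CONFIG['install_dir']!r}")
    return reasons


def check_network(dst_host, dst_port):
    """Return a reason string for traffic to the configured C2, else None."""
    host_hit = dst_host.lower().rstrip(".") == CONFIG["c2_host"]
    if host_hit and int(dst_port) == CONFIG["c2_port"]:
        return "connection to configured C2 host and port"
    if host_hit:
        return "connection to configured C2 host (non-configured port)"
    return None


def hunt(events):
    """Run both checks over telemetry lines; return [(line_no, reasons), ...]."""
    hits = []
    for n, line in enumerate(events, 1):
        fields = line.split("|")
        if fields[0] == "REG" and len(fields) == 4:
            reasons = check_registry(*fields[1:])
        elif fields[0] == "NET" and len(fields) == 4:
            r = check_network(fields[2], fields[3])
            reasons = [r] if r else []
        else:
            reasons = []
        if reasons:
            hits.append((n, reasons))
    return hits


if __name__ == "__main__":
    for n, reasons in hunt(SAMPLE_EVENTS):
        print(f"line {n}: " + "; ".join(reasons))
```

The registry check deliberately keys on the value names (Avirnt, skypeupdate) and on install_dir\install_file as a path suffix rather than a full path, because the config does not say where the "Microsoft" directory is created; the C2 check flags any traffic to the dynamic-DNS host separately from the exact host:port pair, since the port is attacker-chosen and easily changed.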
Targets
-
Target
55d4806c35d5ecb57cbc2915c16c48600ac9a01303d97f3a97c1eed6bb1f3824
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-