General
Target: Trojan-Ransom.Win32.Blocker.eybs-2119094a9b8fc9a65269bdd5eeafe1dcb70709c3d25e3db73b06135aab23c4e3
Size: 975KB
Sample: 221106-yx65jacdgl
MD5: 1d0ae4c1d7162eb8bf5fe5512abeb2fd
SHA1: 63a47d8fb4567ba336ec6658294cc05b80282b40
SHA256: 2119094a9b8fc9a65269bdd5eeafe1dcb70709c3d25e3db73b06135aab23c4e3
SHA512: a7030a755f3d45632fb62d648eb0955fb5383038a988b80632d90531aa125d7e242926c474fa0d1bfb2fc16d774d9a8786b0ac1fea5dd4c968a9992d28034c6f
SSDEEP: 24576:e/sm07vwHjGSyq00LVqBzOMLiiFJj2xeFtQEbG:e/KvwHKSyq00LVqM/xyttG
Static task: static1
Behavioral task: behavioral1
Sample: Trojan-Ransom.Win32.Blocker.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: cybergate
Version: 2.6
Botnet: noipviada
C2: microsftcuzona.serveminecraft.net:25565
Mutex: ***MUTEX***
Attributes:
- enable_keylogger: true
- enable_message_box: true
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: Dir
- install_file: explorar.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Esse Hack é Pago , Segue a Lista de Preços... R$ 0,00 - Teste R$ 1,50 - 1 Semana R$ 5,90 - 1 Mês R$ 15,50 - Permanente Para comprar , adicione-me no skype: .......................... J-Pex ( aaJetPex )
- message_box_title: Hack VIP é Pago
- password: 123
- regkey_hkcu: (Padrão)
- regkey_hklm: Windows
Targets
Target: Trojan-Ransom.Win32.Blocker.eybs-2119094a9b8fc9a65269bdd5eeafe1dcb70709c3d25e3db73b06135aab23c4e3
Signatures:
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext