General
-
Target
a50afdfe88450d0acf5f041ecd13ba998c1d3be7a0ce9d54d06fcbe872ae9b69
-
Size
1.6MB
-
Sample
221202-zj8xmsgb41
-
MD5
f176294d0e494b35e7a68a8da6109897
-
SHA1
ad69b04637a28838b65a56ac2f15a193ab6429ba
-
SHA256
a50afdfe88450d0acf5f041ecd13ba998c1d3be7a0ce9d54d06fcbe872ae9b69
-
SHA512
7c0b797a12bd8d0da2e6fb26c867d69a559d78cc4ac8a1cd2a41bf83a83fbbd14f4c20f72aa1c96c1ab5df94c59da2d5b593963718b0433adb20440afcae50ce
-
SSDEEP
49152:JvwiMzvTnyv5B7EusWrAVeJQCw3Nrw8tRo9:Jvw6kP4xJIG8tW
Static task
static1
Behavioral task
behavioral1
Sample
a50afdfe88450d0acf5f041ecd13ba998c1d3be7a0ce9d54d06fcbe872ae9b69.exe
Resource
win7-20221111-en
Malware Config
Extracted
cybergate
v1.02.1
Lammer
gul.zapto.org:81
Pluguin
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Microsoft
-
install_file
Pluguin.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO.
-
message_box_title
LAMMER
-
password
123
Targets
-
-
Target
a50afdfe88450d0acf5f041ecd13ba998c1d3be7a0ce9d54d06fcbe872ae9b69
-
Size
1.6MB
-
MD5
f176294d0e494b35e7a68a8da6109897
-
SHA1
ad69b04637a28838b65a56ac2f15a193ab6429ba
-
SHA256
a50afdfe88450d0acf5f041ecd13ba998c1d3be7a0ce9d54d06fcbe872ae9b69
-
SHA512
7c0b797a12bd8d0da2e6fb26c867d69a559d78cc4ac8a1cd2a41bf83a83fbbd14f4c20f72aa1c96c1ab5df94c59da2d5b593963718b0433adb20440afcae50ce
-
SSDEEP
49152:JvwiMzvTnyv5B7EusWrAVeJQCw3Nrw8tRo9:Jvw6kP4xJIG8tW
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-