General
-
Target
0x000500000000f661-72.dat
-
Size
323KB
-
Sample
231201-br3htsdf4y
-
MD5
d6e454523b5e9be1a5819fd29e40c8fe
-
SHA1
ecf92208be4c5835d21b2b2f14f0dc974fba1bd3
-
SHA256
df785a6a79040619e4307767240d6d33a3abb4bc3056ef3b96818559d960d926
-
SHA512
7e87e1dc4b3e824a21fae39f5fb61a453f496110e7f4324ec7ef9bc38174a701808b792a2bd193afc72f30cfd0f92427074bc55f004f4b6c087e9792414f8b5a
-
SSDEEP
6144:k95nGZoxDNT/xQphU+jrlgzfuzt91C9NDyWId98HhqbxtHGZsxJsGW:hZ4h/xQp6+tqOYy9zo0rJsGW
Behavioral task
behavioral1
Sample
0x000500000000f661-72.exe
Resource
win7-20231023-en
Malware Config
Extracted
cybergate
v1.02.1
Lammer
thzinhacker.ddns.net:1177
Pluguin
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./
-
ftp_interval
30
-
injected_process
svchost.exe
-
install_dir
Microsoft
-
install_file
Pluguin.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO. (Portuguese; in English: "YOU HAVE BEEN HACKED ... YOUR SYSTEM WILL BE FORMATTED." The original string is kept verbatim because it is an indicator.)
-
message_box_title
LAMMER
-
password
123
-
regkey_hkcu
Avirnt
-
regkey_hklm
Avgnt
Targets
-
-
Target
0x000500000000f661-72.dat
-
Detect Neshta payload
-
Neshta
Neshta is a file infector: it writes its own code into other executable files so that it spreads whenever those files are run, damaging the infected executables in the process.
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up the country code configured in the registry, most likely to geofence execution.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
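The extracted CyberGate config and the persistence signatures above translate directly into host indicators. The following Python is an added example, not part of this report or of any Triage tooling: it derives indicators from the config values on this page (C2 host and port, the Run value names Avirnt and Avgnt, the install path Microsoft\Pluguin.exe) and checks a registry export for the Run and policy Run values, an Active Setup Installed Components StubPath pointing at the install file, and a non-default exefile open handler. The exact registry key paths, the small .reg parser and the sample export (including the all-zero placeholder GUID and the svchost.com handler standing in for the association change) are my assumptions and constructed data; the report only states that these keys are modified, not their contents.

```python
# Added example (not from the report): turn the extracted CyberGate config into
# host indicators and check a registry export for the persistence artefacts the
# signatures describe. Registry paths and sample data are assumptions.

# Values copied from the "Malware Config" section of this report.
CYBERGATE_CONFIG = {
    "c2": "thzinhacker.ddns.net:1177",
    "injected_process": "svchost.exe",
    "install_dir": "Microsoft",
    "install_file": "Pluguin.exe",
    "regkey_hkcu": "Avirnt",
    "regkey_hklm": "Avgnt",
}

# Assumed locations for "Adds Run key" / "Adds policy Run key" (not on the page).
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
)
# Assumed location for "Modifies Installed Components" (Active Setup StubPath).
ACTIVE_SETUP = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components"
# Handler checked for "Modifies system executable filetype association".
EXEFILE_CMD = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
DEFAULT_EXEFILE_CMD = '"%1" %*'  # stock Windows value; anything else is suspect


def indicators(cfg):
    """Derive host and network indicators from the extracted config."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host,
        "c2_port": int(port),
        "run_value_names": {cfg["regkey_hkcu"], cfg["regkey_hklm"]},
        # install_dir is relative to a per-user profile folder, so match on the suffix.
        "install_path_suffix": ("\\" + cfg["install_dir"] + "\\" + cfg["install_file"]).lower(),
    }


def _unquote(data):
    """Undo .reg string quoting: doubled backslashes and escaped double quotes."""
    data = data.strip()
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return data


def parse_reg_export(text):
    """Minimal parser for a .reg (regedit export) text: {key: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current and "=" in line:
            name, data = line.split("=", 1)
            name = "(Default)" if name == "@" else name.strip('"')
            keys[current][name] = _unquote(data)
    return keys


def scan_registry(reg_text, cfg):
    """Return (kind, key, value_name, data) tuples for every matching artefact."""
    ind = indicators(cfg)
    keys = parse_reg_export(reg_text)
    hits = []
    for key in RUN_KEYS:
        for name, data in keys.get(key, {}).items():
            if name in ind["run_value_names"] or data.lower().endswith(ind["install_path_suffix"]):
                hits.append(("run_key", key, name, data))
    for key, values in keys.items():
        stub = values.get("StubPath", "")
        if key.startswith(ACTIVE_SETUP) and stub.lower().endswith(ind["install_path_suffix"]):
            hits.append(("active_setup", key, "StubPath", stub))
    cmd = keys.get(EXEFILE_CMD, {}).get("(Default)")
    if cmd is not None and cmd != DEFAULT_EXEFILE_CMD:
        hits.append(("exe_association", EXEFILE_CMD, "(Default)", cmd))
    return hits


# Constructed registry export (not captured from the sandbox run): a benign
# OneDrive entry, the two CyberGate Run values, a placeholder Active Setup GUID
# and a non-default exefile handler standing in for the association change.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\lab\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Avirnt"="C:\\Users\\lab\\AppData\\Roaming\\Microsoft\\Pluguin.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Avgnt"="C:\\Users\\lab\\AppData\\Roaming\\Microsoft\\Pluguin.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}]
"StubPath"="C:\\Users\\lab\\AppData\\Roaming\\Microsoft\\Pluguin.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"
'''

if __name__ == "__main__":
    for kind, key, name, data in scan_registry(SAMPLE_REG, CYBERGATE_CONFIG):
        print(f"{kind:16} {key}\\{name} = {data}")
```

On a live host the same checks would be run against a `reg export` of each key rather than the constructed text; the exefile check is deliberately generic (anything other than the stock `"%1" %*` is flagged) so it catches the association change regardless of which handler a given Neshta variant installs.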
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (3)
Event Triggered Execution (1)
Change Default File Association (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (3)
Event Triggered Execution (1)
Change Default File Association (1)