General
-
Target
3d7038348d1cdb49aa3cf2814a579106
-
Size
628KB
-
Sample
231225-1a675adfaj
-
MD5
3d7038348d1cdb49aa3cf2814a579106
-
SHA1
cbdcb096507857dfdb6d0cadf4025dbc1cb015af
-
SHA256
09f7e0f4a25eae59b31fb4231c07b4216232480bcb86afd58b4e861a7dc5d867
-
SHA512
bbe80c189864c3bff6a1548864321d60e0d913e53b4251abb3f3448863132038bcbe694d1ca5d4a3cbfc2213a6112e39abe3bba451dcc982883129f44e0cd540
-
SSDEEP
12288:k5Zwhd7NgMUirmV/64WNImtXfmst+ra6Tefs2SI/3m1v1uN4h/xQp6+tqOYy9zo8:k5qDUirml64WNbOFra6AyIW30ltYYo8
Static task
static1
Behavioral task
behavioral1
Sample
3d7038348d1cdb49aa3cf2814a579106.exe
Resource
win7-20231129-en
Malware Config
Extracted
Family
cybergate
Version
v1.02.1
Botnet
Lammer
C2
127.0.0.1:81
h1n1hack.no-ip.info:81
h1n1hack.no-ip.info:12345
h1n1hack.no-ip.info:2000
Pluguin
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Microsoft
-
install_file
Pluguin.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO. (Portuguese: "YOU HAVE BEEN HACKED ...YOUR SYSTEM WILL BE FORMATTED.")
-
message_box_title
LAMMER
-
password
kek
-
regkey_hkcu
Avirnt
-
regkey_hklm
Avgnt
Targets
-
Target
3d7038348d1cdb49aa3cf2814a579106
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
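The extracted config and the behavioral signatures above give a detection engineer everything needed for host and network indicators: the no-ip C2 hostname and its three ports, the dropped file name and install directory, the two registry value names (Avirnt under HKCU, Avgnt under HKLM) and the injection target. The Python below is an added example, not part of the sandbox report and not CyberGate code, that turns those values into a small classifier and runs it over constructed Sysmon-style events (Event IDs 1, 3, 13 and 22). Everything beyond the config values is an assumption: the on-disk path C:\Windows\system32\Microsoft\Pluguin.exe, the Active Setup GUID, the user name and the event field layout are invented for the sample, and the "explorer.exe spawned by the implant" check is a heuristic stand-in for the SetThreadContext signature, which Sysmon does not log as its own event. The loopback entry 127.0.0.1:81 is deliberately excluded from the network indicators because it is the builder's default slot, not a reachable C2.

```python
"""Host and network detections derived from the CyberGate config and the
sandbox signatures above, checked against constructed Sysmon-style events.
Added example: not from the sandbox report and not CyberGate code."""
from typing import Dict, List, Tuple

# Values copied from the "Malware Config" section above.
C2_ENDPOINTS = [("127.0.0.1", 81), ("h1n1hack.no-ip.info", 81),
                ("h1n1hack.no-ip.info", 12345), ("h1n1hack.no-ip.info", 2000)]
INSTALL_DIR = "Microsoft"              # install_dir
INSTALL_FILE = "Pluguin.exe"           # install_file
INJECTED_PROCESS = "explorer.exe"      # injected_process
REG_VALUE_NAMES = {"avirnt", "avgnt"}  # regkey_hkcu / regkey_hklm, lowercased

# Registry locations behind the signatures "Adds Run key", "Adds policy Run
# key" and "Modifies Installed Components" (Active Setup). Matched as
# substrings of a lowercased TargetObject; the trailing backslash keeps
# "\run\" from also matching "\runonce\".
PERSISTENCE_PATHS = {
    "run_key": "\\currentversion\\run\\",
    "policy_run_key": "\\policies\\explorer\\run\\",
    "active_setup": "\\active setup\\installed components\\",
}


def _leaf(win_path: str) -> str:
    """Last component of a Windows file or registry path, lowercased."""
    return win_path.rsplit("\\", 1)[-1].lower()


def network_indicators() -> Tuple[set, set]:
    """(hostnames, ports) worth hunting for. 127.0.0.1:81 is the builder's
    default C2 slot, so it is dropped rather than matched as loopback noise."""
    live = [(h, p) for h, p in C2_ENDPOINTS if h != "127.0.0.1"]
    return {h.lower() for h, _ in live}, {p for _, p in live}


def classify(ev: Dict[str, object]) -> List[str]:
    """Tags one event triggers; an empty list means nothing from this report."""
    hosts, ports = network_indicators()
    tags: List[str] = []
    eid = ev["EventID"]
    if eid == 22 and str(ev.get("QueryName", "")).lower() in hosts:   # DNS query
        tags.append("c2_dns_query")
    if eid == 3:                                                        # connection
        dest = str(ev.get("DestinationHostname") or ev.get("DestinationIp", "")).lower()
        if dest in hosts and int(ev.get("DestinationPort", 0)) in ports:
            tags.append("c2_connection")
    if eid == 13:                                                       # registry set
        target = str(ev.get("TargetObject", "")).lower()
        details = str(ev.get("Details", "")).lower()
        for tag, path in PERSISTENCE_PATHS.items():
            if path in target and (_leaf(target) in REG_VALUE_NAMES
                                   or INSTALL_FILE.lower() in details):
                tags.append("persistence_" + tag)
    if eid == 1:                                                        # process create
        image, parent = str(ev.get("Image", "")), str(ev.get("ParentImage", ""))
        if _leaf(image) == INSTALL_FILE.lower() and \
                "\\" + INSTALL_DIR.lower() + "\\" in image.lower():
            tags.append("dropped_exe_executed")
        # Sysmon has no SetThreadContext event; the implant spawning its
        # injection target (explorer.exe) is the observable proxy (heuristic).
        if _leaf(image) == INJECTED_PROCESS and _leaf(parent) == INSTALL_FILE.lower():
            tags.append("explorer_spawned_by_implant")
    return tags


def triage(events) -> Dict[str, int]:
    """Count tags over an event stream; benign events add nothing."""
    counts: Dict[str, int] = {}
    for ev in events:
        for tag in classify(ev):
            counts[tag] = counts.get(tag, 0) + 1
    return counts


# Constructed telemetry, not from the sandbox run: the install path, the
# Active Setup GUID and the user name are assumptions chosen to look like
# what this config would produce. The last three events are benign controls.
IMPLANT = "C:\\Windows\\system32\\Microsoft\\Pluguin.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": IMPLANT,
     "ParentImage": "C:\\Users\\user\\Desktop\\3d7038348d1cdb49aa3cf2814a579106.exe"},
    {"EventID": 13, "Details": IMPLANT, "TargetObject":
     "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\Avirnt"},
    {"EventID": 13, "Details": IMPLANT, "TargetObject":
     "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Avgnt"},
    {"EventID": 13, "Details": IMPLANT + " Restart", "TargetObject":
     "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"
     "{00000000-0000-0000-0000-000000000000}\\StubPath"},
    {"EventID": 1, "Image": "C:\\Windows\\explorer.exe", "ParentImage": IMPLANT},
    {"EventID": 22, "QueryName": "h1n1hack.no-ip.info"},
    {"EventID": 3, "DestinationHostname": "h1n1hack.no-ip.info", "DestinationPort": 12345},
    {"EventID": 13, "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "Details": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"},
    {"EventID": 22, "QueryName": "www.microsoft.com"},
    {"EventID": 3, "DestinationIp": "127.0.0.1", "DestinationPort": 81},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev) or ["-"], ev)
    print(triage(SAMPLE_EVENTS))
```

Two signatures are deliberately not covered by this classifier. "Checks computer location settings" is a registry read of the configured country code, and Sysmon records registry value sets (Event ID 13), not reads, so that check needs registry-read auditing or an EDR that exposes it. The keylogger and FTP settings in the config produce no telemetry until the operator uses them; the FTP interval is not a network indicator on its own.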