General
-
Target
ba2e1aa7a839398cd07c02107ff13aef
-
Size
364KB
-
Sample
231227-3dyq9schh8
-
MD5
ba2e1aa7a839398cd07c02107ff13aef
-
SHA1
1de597a131d4d7f34468379133300b97722ee8af
-
SHA256
97cb1bf7596b230fd0018747e04f0ec722d509d6faa0ab5bdb508eec87145010
-
SHA512
ece4ae9222551dfde43f24820e1ba97adba4f6af8e267610629de4a9ed46e96fb41bbb66cce913cd88f847635d7cf37326d49b6c43e5485df662f18cf75777c6
-
SSDEEP
6144:Qi+LCTsboLAT4AnVc2G+StQ5el6eUJNY0shWM9THuoCq+ik17cScf:4LCT8EATxef+e6hJVm9Du5ikG3
Static task
static1
Behavioral task
behavioral1
Sample
ba2e1aa7a839398cd07c02107ff13aef.exe
Resource
win7-20231215-en
Malware Config
Extracted
cybergate
v1.02.1
Lammer
127.0.0.1:81
Pluguin
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Microsoft
-
install_file
Pluguin.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO.
-
message_box_title
LAMMER
-
password
123
Targets
-
-
Target
ba2e1aa7a839398cd07c02107ff13aef
-
Size
364KB
-
MD5
ba2e1aa7a839398cd07c02107ff13aef
-
SHA1
1de597a131d4d7f34468379133300b97722ee8af
-
SHA256
97cb1bf7596b230fd0018747e04f0ec722d509d6faa0ab5bdb508eec87145010
-
SHA512
ece4ae9222551dfde43f24820e1ba97adba4f6af8e267610629de4a9ed46e96fb41bbb66cce913cd88f847635d7cf37326d49b6c43e5485df662f18cf75777c6
-
SSDEEP
6144:Qi+LCTsboLAT4AnVc2G+StQ5el6eUJNY0shWM9THuoCq+ik17cScf:4LCT8EATxef+e6hJVm9Du5ikG3
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-