General
Target: 1f54537cced97edc3802c5367c6ca067
Size: 315KB
Sample: 231230-21x8ksbcb8
MD5: 1f54537cced97edc3802c5367c6ca067
SHA1: c0e5c1c4748b3d7f8cff1a358ac61197bb8a3220
SHA256: 28bdafb821a88c2cf9379a4ab1980bd9d617e5ca6122235907e5920694f01603
SHA512: 201959310fc4798a9801a0af1bedd888377d56bc76a509eac4f24b1ac77842261f2a71451d50117186baaa4e5f80e2143dfba615c28393ccb67190a91735f670
SSDEEP: 6144:y1CnYerMCieZsx0ieFu3RUt/j5lXrL16b4NzLfztwIm1vzqtl3x:FnHMUy0ieYhUt/j5l7LK4NHbi4h

Static task
static1

Behavioral task
behavioral1
Sample: 1f54537cced97edc3802c5367c6ca067.exe
Resource: win7-20231215-en

Behavioral task
behavioral2
Sample: 1f54537cced97edc3802c5367c6ca067.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted
cybergate
v1.02.1
Lammer
kitohacking1.no-ip.org:82
Pluguin
enable_keylogger: true
enable_message_box: false
ftp_directory: ./
ftp_interval: 30
injected_process: explorer.exe
install_dir: Microsoft2
install_file: Pluguin.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO. (English: "YOU HAVE BEEN HACKED ...YOUR SYSTEM WILL BE FORMATTED.")
message_box_title: LAMMER
password: kito
regkey_hkcu: Win32
regkey_hklm: Win32
Targets
Target: 1f54537cced97edc3802c5367c6ca067
Size: 315KB
MD5: 1f54537cced97edc3802c5367c6ca067
SHA1: c0e5c1c4748b3d7f8cff1a358ac61197bb8a3220
SHA256: 28bdafb821a88c2cf9379a4ab1980bd9d617e5ca6122235907e5920694f01603
SHA512: 201959310fc4798a9801a0af1bedd888377d56bc76a509eac4f24b1ac77842261f2a71451d50117186baaa4e5f80e2143dfba615c28393ccb67190a91735f670
SSDEEP: 6144:y1CnYerMCieZsx0ieFu3RUt/j5lXrL16b4NzLfztwIm1vzqtl3x:FnHMUy0ieYhUt/j5l7LK4NHbi4h
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
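The extracted config and the behavioural signatures above together describe what this build leaves on a host: a C2 hostname and port, a dropped file name and install directory, a Run-key value name (the same, "Win32", for HKCU and HKLM), and explorer.exe as the process it injects into via SetThreadContext. Note that the keylogger is enabled but its FTP upload option is off, so the ftp_directory and ftp_interval values are inert for this build, and the message box is disabled, so the Portuguese caption is never shown. The following script is an added example for this page, not the sandbox's own code: it turns the config fields into an indicator set and matches them against endpoint telemetry. The config values are copied from the report; the Run-key path, the System32-relative install path in the sample records, and the telemetry record layout are assumptions made for illustration.

```python
"""Derive indicators from the CyberGate config in the report above and match
them against endpoint telemetry.

Added example for this report page; not the sandbox's own code. Config values
are copied from the report. RUN_KEY, the install-path layout and the telemetry
record format are assumptions used only for illustration.
"""
import re

# Config values as extracted in the report ("true"/"false" converted to booleans).
CONFIG = {
    "c2": "kitohacking1.no-ip.org:82",
    "injected_process": "explorer.exe",
    "install_dir": "Microsoft2",
    "install_file": "Pluguin.exe",
    "install_flag": True,
    "regkey_hkcu": "Win32",
    "regkey_hklm": "Win32",
    "enable_keylogger": True,
    "keylogger_enable_ftp": False,
}

# Assumption: the autostart value lands under the standard Run key of each hive.
RUN_KEY = r"software\microsoft\windows\currentversion\run"


def derive_indicators(cfg):
    """Build an indicator set from the config fields that leave host or network traces."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "dropped_file": cfg["install_file"].lower(),
        "install_dir": cfg["install_dir"].lower(),
        # Both hives use the same value name here; a set keeps the check general.
        "run_values": {cfg["regkey_hkcu"].lower(), cfg["regkey_hklm"].lower()},
        "inject_target": cfg["injected_process"].lower(),
    }


def _basename(path):
    """Last path component, lower-cased, accepting either separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def match_event(ev, ind):
    """Return a reason string if one telemetry record matches an indicator, else None."""
    kind = ev.get("type")
    if kind == "dns":
        if ev["query"].lower().rstrip(".") == ind["c2_host"]:
            return "dns lookup of configured C2 host"
    elif kind == "netconn":
        if ev.get("dst_host", "").lower() == ind["c2_host"] and ev["dst_port"] == ind["c2_port"]:
            return "connection to configured C2 host:port"
    elif kind == "registry":
        hive, _, subkey = ev["key"].lower().partition("\\")
        if subkey == RUN_KEY and ev["value"].lower() in ind["run_values"]:
            return f"Run value '{ev['value']}' set under {hive.upper()}"
    elif kind == "process":
        image = ev["image"].lower()
        if _basename(image) == ind["dropped_file"] and "\\" + ind["install_dir"] + "\\" in image:
            return "execution of dropped payload from install dir"
    elif kind == "thread":
        if ev.get("api") == "SetThreadContext" and _basename(ev["target"]) == ind["inject_target"]:
            return "SetThreadContext against configured injection target"
    return None


def scan(events, ind):
    """Return [(index, reason)] for every matching record, in order."""
    hits = []
    for i, ev in enumerate(events):
        reason = match_event(ev, ind)
        if reason:
            hits.append((i, reason))
    return hits


# Constructed telemetry, not taken from the report: five hits and two benign records.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "KitoHacking1.no-ip.org."},
    {"type": "dns", "query": "update.microsoft.com"},
    {"type": "netconn", "dst_host": "kitohacking1.no-ip.org", "dst_ip": "203.0.113.7", "dst_port": 82},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Win32", "data": r"C:\Windows\System32\Microsoft2\Pluguin.exe"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "process", "image": r"C:\Windows\System32\Microsoft2\Pluguin.exe",
     "parent": "1f54537cced97edc3802c5367c6ca067.exe"},
    {"type": "thread", "api": "SetThreadContext", "source": "Pluguin.exe",
     "target": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for idx, why in scan(SAMPLE_EVENTS, derive_indicators(CONFIG)):
        print(f"event {idx}: {why}")
```

The port is only matched together with the hostname, since port 82 on its own is too weak to alert on, and the Run-key check keys on the value name rather than the data so it also catches a copy installed under a different directory than the one assumed in the sample records.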