General
-
Target
99177b712a859d1d9aae815d7f062ca9
-
Size
348KB
-
Sample
240213-lnpgxagb73
-
MD5
99177b712a859d1d9aae815d7f062ca9
-
SHA1
8f3149f640e681bdb0d6c778ad5b505345a44d09
-
SHA256
7dc2bead04213a01e592b64f24319141c3b4f60383a7289a2f584c955a61ecaf
-
SHA512
a4235110990ce92d5425c972892490960e901ab7a6014edfd6c918e09a7c3955e655e10598315fc8a8100e22c80b35b634de8385330e0aae83bbcbdce9aec2fd
-
SSDEEP
6144:LwvULVxu/sahAaW0KMh8ZkaEkvpGUE9HM9SgJnu6P6A23cau+v/aLhuLOyT:MvULVxksapsMe46rgM97rPA3c3KiL0Lr
Malware Config
Extracted
cybergate
v1.02.1
Lammer
rizkrisk.ddns.net:5000
rizkrisk.ddns.net:6000
SERVIDOR
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Microsoft
-
install_file
SERVER.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO.
-
message_box_title
LAMMER
-
password
123
Targets
-
-
Target
99177b712a859d1d9aae815d7f062ca9
-
Size
348KB
-
MD5
99177b712a859d1d9aae815d7f062ca9
-
SHA1
8f3149f640e681bdb0d6c778ad5b505345a44d09
-
SHA256
7dc2bead04213a01e592b64f24319141c3b4f60383a7289a2f584c955a61ecaf
-
SHA512
a4235110990ce92d5425c972892490960e901ab7a6014edfd6c918e09a7c3955e655e10598315fc8a8100e22c80b35b634de8385330e0aae83bbcbdce9aec2fd
-
SSDEEP
6144:LwvULVxu/sahAaW0KMh8ZkaEkvpGUE9HM9SgJnu6P6A23cau+v/aLhuLOyT:MvULVxksapsMe46rgM97rPA3c3KiL0Lr
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-