General
- Target: b16e27c0a879acd4b9b0114269b9c213
- Size: 316KB
- Sample: 240304-g5a9dsch96
- MD5: b16e27c0a879acd4b9b0114269b9c213
- SHA1: 20b6bf8203445828c2df8b2880218ab8255e4b9a
- SHA256: ecba45cfd2a5b21e822487b035ea64f5e7f05963c54cf0c2f19b4e57272ed8fd
- SHA512: f51d0934773996a695d5fa9695a5a9cab6e3f75abb46d132e1e895e8e17c8269bba1332fd58dfb27d8cb19de86ab41adf73318c07f3d008898a013b8a7faf424
- SSDEEP: 6144:n/LJFK4LhrSeau3UG6q2EW3MlRCYN3UikMBgRilk1aaf2:/jBLoPuY33M+YNjkI1kAf
Static task: static1
Behavioral task: behavioral1
- Sample: b16e27c0a879acd4b9b0114269b9c213.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: b16e27c0a879acd4b9b0114269b9c213.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- cybergate
- v1.02.1
- victime
- 127.0.0.1:82
- gassper.no-ip.biz:82
- Pluguin
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
- install_file: server.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO.
- message_box_title: LAMMER
- password: 123456
- regkey_hkcu: Avirnt
- regkey_hklm: Avgnt
Targets
- Target: b16e27c0a879acd4b9b0114269b9c213
- Size: 316KB
- MD5: b16e27c0a879acd4b9b0114269b9c213
- SHA1: 20b6bf8203445828c2df8b2880218ab8255e4b9a
- SHA256: ecba45cfd2a5b21e822487b035ea64f5e7f05963c54cf0c2f19b4e57272ed8fd
- SHA512: f51d0934773996a695d5fa9695a5a9cab6e3f75abb46d132e1e895e8e17c8269bba1332fd58dfb27d8cb19de86ab41adf73318c07f3d008898a013b8a7faf424
- SSDEEP: 6144:n/LJFK4LhrSeau3UG6q2EW3MlRCYN3UikMBgRilk1aaf2:/jBLoPuY33M+YNjkI1kAf
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext