General
-
Target
c4f764597e9912dca5e7c462d99b965d
-
Size
665KB
-
Sample
240313-e2fctsee37
-
MD5
c4f764597e9912dca5e7c462d99b965d
-
SHA1
4b300b99f61cfec284fca6e1390eb30b7bba5803
-
SHA256
3c058a8e9c46df81f2cbc595282d8e46e25b0b4ecd883f901a30e59a660657ff
-
SHA512
edb16b61f68ae57c816eae37574512e1d556276a5abd9a2c1e4e2c70ab68dc9b22e31ba2012165ba32668d26b585665ee9ae9e11914357c314b926d99fcb68d3
-
SSDEEP
12288:qHLUMuiv9RgfSjAzRtyclz4pR1UMedz6lI1vV4u+0qsx:ItARZlkpR1Uhz+Q
Behavioral task
behavioral1
Sample
c4f764597e9912dca5e7c462d99b965d.exe
Resource
win7-20240215-en
Malware Config
Extracted
cybergate
v1.02.1
Lammer
matrix-hacker.no-ip.biz:81
Pluguin
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Microsoft
-
install_file
virus.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO. (Portuguese: "YOU HAVE BEEN HACKED ...YOUR SYSTEM WILL BE FORMATTED.")
-
message_box_title
LAMMER
-
password
123
-
regkey_hkcu
win32
-
regkey_hklm
win32
Targets
-
-
Target
c4f764597e9912dca5e7c462d99b965d
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up the country code configured in the registry, most likely to geofence execution to or away from particular locales.
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
Setting the context of another process's thread is the usual way a hollowed or injected process is started; the injected_process value of explorer.exe in the extracted config is consistent with this.
-
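The extracted config and the persistence signatures above can be turned into concrete host and network checks. The following is an added example, not part of the sandbox report or of the vendor's own tooling. It assumes two things the page does not state: that the Run-key value name written by the sample equals the regkey_hkcu / regkey_hklm field, and that the dropped copy lands at a path ending in install_dir\install_file. The registry-export and DNS-log lines are constructed for illustration and the resolver log format is hypothetical.

```python
"""Turn the extracted CyberGate config into host and network checks.

Added example; not part of the sandbox report or the vendor's tooling.
Assumptions not stated on the page: the Run-key value name equals the
regkey_hkcu / regkey_hklm field, and the dropped copy is written to a path
ending in <install_dir>\\<install_file>. All log lines are constructed.
"""
import re
from dataclasses import dataclass

# Constructed copy of the report's config, in its alternating key/value layout.
CONFIG_TEXT = """\
enable_keylogger
true
injected_process
explorer.exe
install_dir
Microsoft
install_file
virus.exe
install_flag
true
password
123
regkey_hkcu
win32
regkey_hklm
win32
"""
C2 = "matrix-hacker.no-ip.biz:81"  # C2 host:port from the report's config block

# Constructed registry export (.reg style) with one benign and two malicious values.
REG_LINES = [
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"',
    r'"win32"="C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\virus.exe"',
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]",
    r'"win32"="C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\virus.exe"',
]

# Constructed DNS query log; the resolver log format is hypothetical.
DNS_LINES = [
    "2024-03-13T10:01:02Z host1 query A matrix-hacker.no-ip.biz",
    "2024-03-13T10:01:05Z host1 query A update.microsoft.com",
    "2024-03-13T10:02:00Z host2 query A MATRIX-HACKER.NO-IP.BIZ",
]

# Matches both the ordinary Run key and the Policies\Explorer\Run key the report flags.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Policies\\Explorer\\)?Run\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_config(text):
    """Parse the report's key-on-one-line / value-on-the-next layout into a dict."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    if len(lines) % 2:
        raise ValueError("config text has a key without a value")
    cfg = {}
    for key, val in zip(lines[::2], lines[1::2]):
        cfg[key] = {"true": True, "false": False}.get(val.lower(), val)
    return cfg


@dataclass(frozen=True)
class Iocs:
    c2_host: str
    c2_port: int
    run_value_names: frozenset   # autorun value names, e.g. {"win32"}
    install_suffix: str          # tail of the dropped file's path
    injected_process: str


def derive_iocs(cfg, c2):
    """Reduce the config to the handful of indicators worth checking for."""
    host, _, port = c2.rpartition(":")
    names = frozenset(cfg[k] for k in ("regkey_hkcu", "regkey_hklm") if k in cfg)
    return Iocs(host.lower(), int(port), names,
                cfg["install_dir"] + "\\" + cfg["install_file"],
                cfg["injected_process"].lower())


def scan_registry(lines, iocs):
    """Flag Run / policy-Run values whose name or data matches the config.

    Returns (key, value_name, data, reasons) tuples. .reg exports double the
    backslashes in string data, so they are collapsed before comparing.
    """
    hits, key, in_run = [], None, False
    for line in lines:
        if line.startswith("["):
            key, in_run = line.strip("[]"), bool(RUN_KEY_RE.search(line))
            continue
        m = VALUE_RE.match(line)
        if not (in_run and m):
            continue
        name, data = m.group(1), m.group(2).replace("\\\\", "\\")
        reasons = []
        if name in iocs.run_value_names:
            reasons.append("value name from config")
        if data.lower().endswith(iocs.install_suffix.lower()):
            reasons.append("install path from config")
        if reasons:
            hits.append((key, name, data, tuple(reasons)))
    return hits


def scan_dns(lines, iocs):
    """Return log lines that query the C2 host (case-insensitive)."""
    return [ln for ln in lines if iocs.c2_host in ln.lower().split()]


if __name__ == "__main__":
    iocs = derive_iocs(parse_config(CONFIG_TEXT), C2)
    for hit in scan_registry(REG_LINES, iocs):
        print("persistence:", hit)
    for ln in scan_dns(DNS_LINES, iocs):
        print("c2 lookup:", ln)
```

Matching on both the value name and the path tail is deliberate: the value name is cheap to change between builds, while the install_dir\install_file pair is what the persistence signature actually observed, so either alone is a weaker signal than the two together. The C2 check only looks at the host; the port (81) is for firewall or proxy log correlation rather than DNS.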