General
Target: 3045559be8885d85a9124cbf910bd66a23504d8bc9710a34ba3d9b3e49317512
Size: 604KB
Sample: 221020-t111gadddp
MD5: 8099575e0a1376511f1c53c14ec8ca40
SHA1: 11d8deae9e9d778654202cdc2ebdd379c2b9486b
SHA256: 3045559be8885d85a9124cbf910bd66a23504d8bc9710a34ba3d9b3e49317512
SHA512: 67cfef441f070dbb531501e9a7172b5c028d20c643af421e625d9f88ea1f44399e17b033606e8221dfd91073c3441271d9ba6e7c346992ab2e291b171b6319a1
SSDEEP: 12288:PpxEjNB1TVJjhwK8lUohCvJfhE9tPLiMI+7WBHqU8/++NnqAh:vEp1Cl6Jf0PkLBDyJ

Static task: static1
Behavioral task: behavioral1
Sample: 3045559be8885d85a9124cbf910bd66a23504d8bc9710a34ba3d9b3e49317512.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: cybergate
Version: 2.6
Campaign ID: vítima (Portuguese for "victim")
C2: bw000.ddns.net:81
C2: bw000.ddns.net:82
Mutex: ***MUTEX*** (the CyberGate builder's default value, left unchanged by the operator)
Attributes
- enable_keylogger: true
- enable_message_box: true
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: Windows
- install_file: server.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Arquivo Corrompido Pelo AntiVirus. (Portuguese: "File corrupted by the antivirus.")
- message_box_title: Error
- password: 123
- regkey_hkcu: Win32
- regkey_hklm: Win32
Targets
Target: 3045559be8885d85a9124cbf910bd66a23504d8bc9710a34ba3d9b3e49317512
Size: 604KB
MD5: 8099575e0a1376511f1c53c14ec8ca40
SHA1: 11d8deae9e9d778654202cdc2ebdd379c2b9486b
SHA256: 3045559be8885d85a9124cbf910bd66a23504d8bc9710a34ba3d9b3e49317512
SHA512: 67cfef441f070dbb531501e9a7172b5c028d20c643af421e625d9f88ea1f44399e17b033606e8221dfd91073c3441271d9ba6e7c346992ab2e291b171b6319a1
SSDEEP: 12288:PpxEjNB1TVJjhwK8lUohCvJfhE9tPLiMI+7WBHqU8/++NnqAh:vEp1Cl6Jf0PkLBDyJ
Signatures
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
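Taken together, the extracted config (Run-key value name Win32, drop name server.exe under the Windows directory, C2 bw000.ddns.net on ports 81 and 82, injection into explorer.exe) and the behavioral signatures give a concrete host-triage checklist. The PowerShell below is an added example, not part of the tria.ge report and not CyberGate tooling. It assumes the registry paths are the standard Windows locations the signature names refer to (the Run keys, the Policies\Explorer\Run key, and Active Setup Installed Components), that regkey_hkcu/regkey_hklm is the value name written under those keys, and that install_dir "Windows" means the copy lands somewhere under %WINDIR%; all of those are assumptions, not facts stated on the page. Run it in an elevated session on a suspect host.

```powershell
# Host triage for the CyberGate 2.6 sample in this report (added example;
# not tria.ge or CyberGate code). Run elevated on the suspect host.
# ASSUMPTIONS: registry paths below are the standard Windows locations the
# signature names refer to; "install_dir: Windows" is read as "under %WINDIR%";
# regkey_hkcu / regkey_hklm ("Win32") is the value name under the Run keys.

$ReportSha256 = '3045559be8885d85a9124cbf910bd66a23504d8bc9710a34ba3d9b3e49317512'
$C2Host       = 'bw000.ddns.net'   # both C2 entries use this host
$C2Ports      = @(81, 82)          # ports from the two C2 entries
$RunValueName = 'Win32'            # regkey_hkcu / regkey_hklm
$DropName     = 'server.exe'       # install_file
$InjectTarget = 'explorer'         # injected_process (explorer.exe)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Run and policy Run keys ("Adds Run key" / "Adds policy Run key")
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # flag either the configured value name or any entry pointing at the drop name
        if ($p.Name -eq $RunValueName -or "$($p.Value)" -like "*$DropName*") {
            $findings.Add("Run key: $key\$($p.Name) = $($p.Value)")
        }
    }
}

# 2. Active Setup Installed Components ("Modifies Installed Components in the registry")
$asKey = 'HKLM:\Software\Microsoft\Active Setup\Installed Components'
Get-ChildItem -Path $asKey -ErrorAction SilentlyContinue | ForEach-Object {
    $stub = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).StubPath
    if ($stub -and $stub -like "*$DropName*") {
        $findings.Add("Active Setup: $($_.PSChildName) StubPath = $stub")
    }
}

# 3. Dropped copy under the Windows directory, hash-checked against the report
Get-ChildItem -Path $env:WINDIR -Filter $DropName -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
        $verdict = if ($hash -eq $ReportSha256) { 'SHA256 matches the report' }
                   else { "SHA256 $hash differs from the report (another build?)" }
        $findings.Add("File: $($_.FullName) - $verdict")
    }

# 4. DNS cache entries for the C2 host (cmdlet is absent on Windows 7, hence the guard)
if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
    Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -like "*$C2Host*" } |
        ForEach-Object { $findings.Add("DNS cache: $($_.Entry) -> $($_.Data)") }
}

# 5. Live TCP connections on the C2 ports. The payload runs inside explorer.exe
#    (injected_process plus the SetThreadContext signature), so that is the
#    process the connection is expected to belong to.
if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    Get-NetTCPConnection -RemotePort $C2Ports -State Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            $note = if ($proc -eq $InjectTarget) { ' <- explorer.exe, as the config injects into' } else { '' }
            $findings.Add("TCP: $proc ($($_.OwningProcess)) -> $($_.RemoteAddress):$($_.RemotePort)$note")
        }
}

if ($findings.Count -eq 0) { 'No indicators from this report found on this host.' }
else { $findings }
```

Two caveats when reading the output. First, because the RAT injects into explorer.exe, any connection to the C2 will be owned by explorer.exe rather than by server.exe, so a process-name allowlist that trusts explorer.exe will not catch it; match on the remote host and ports instead. Second, a server.exe whose hash differs from the report's SHA256 is still worth pulling, since the same builder config (mutex, campaign ID, C2) can ship in rebuilt binaries.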