Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
15c2bb43ea229cf6fa623d6d2df7256eb1b2fd99421df56bac0a77532207e12a
-
Size
561KB
-
Sample
221029-2z3rnsbdgr
-
MD5
a378454e67d8cee3f1f3a2625b7d017e
-
SHA1
b5510f1092e2555ccba3a89d0086c0f722a1b317
-
SHA256
15c2bb43ea229cf6fa623d6d2df7256eb1b2fd99421df56bac0a77532207e12a
-
SHA512
d9dd64f478af755b8e211b9a6830ef398fa2266907ed5a209695fc3c2908f0fafbeb0794b5854e16f2a54f3ee2806efb50915c672f9eaf300858f65d4829143f
-
SSDEEP
6144:wVFn8bZv96J7r0+RVgJ/ZzZl9SgLE7fEkwN5QOUqwMhV9JUdPpZGpzG3ON0a76oc:wV2Nv96l9CRzn4Lckwws3ngfvM6
Static task
static1
Behavioral task
behavioral1
Sample
15c2bb43ea229cf6fa623d6d2df7256eb1b2fd99421df56bac0a77532207e12a.exe
Resource
win7-20220812-en
Malware Config
Extracted
cybergate
2.6
vítima
zabzab.no-ip.biz:82
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
140208
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
15c2bb43ea229cf6fa623d6d2df7256eb1b2fd99421df56bac0a77532207e12a
-
Size
561KB
-
MD5
a378454e67d8cee3f1f3a2625b7d017e
-
SHA1
b5510f1092e2555ccba3a89d0086c0f722a1b317
-
SHA256
15c2bb43ea229cf6fa623d6d2df7256eb1b2fd99421df56bac0a77532207e12a
-
SHA512
d9dd64f478af755b8e211b9a6830ef398fa2266907ed5a209695fc3c2908f0fafbeb0794b5854e16f2a54f3ee2806efb50915c672f9eaf300858f65d4829143f
-
SSDEEP
6144:wVFn8bZv96J7r0+RVgJ/ZzZl9SgLE7fEkwN5QOUqwMhV9JUdPpZGpzG3ON0a76oc:wV2Nv96l9CRzn4Lckwws3ngfvM6
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-