Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b2b74bbcb632baa881c1b1bf3101668c7180d5f5fddc05cc2db01fc225c81ebf
-
Size
769KB
-
Sample
221201-xycfwafe4w
-
MD5
f0e1484d691b12431fba91c0e2496302
-
SHA1
94aefda8547526f272bf61505533ad45833c9953
-
SHA256
b2b74bbcb632baa881c1b1bf3101668c7180d5f5fddc05cc2db01fc225c81ebf
-
SHA512
2d75c952a9831c202e4c2e9e3d8afdfd9624566ee149e508a161ef613832938c4b315505be0c4f458b16c37370ea4039f3a87081feb295e793afa0650af13d58
-
SSDEEP
12288:TBzLY3O3AibXVa37V5kNlyXo8HHUYbQEZyKKa1Lb/Zr+aXbKuGduiTsJXrMxh3HN:THXwjRO8d44oep
Malware Config
Extracted
cybergate
v1.10.4
EX4
trinity.serveftp.com:4200
2X3B3ON7QEJ84M
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
eggnet
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
b2b74bbcb632baa881c1b1bf3101668c7180d5f5fddc05cc2db01fc225c81ebf
-
Size
769KB
-
MD5
f0e1484d691b12431fba91c0e2496302
-
SHA1
94aefda8547526f272bf61505533ad45833c9953
-
SHA256
b2b74bbcb632baa881c1b1bf3101668c7180d5f5fddc05cc2db01fc225c81ebf
-
SHA512
2d75c952a9831c202e4c2e9e3d8afdfd9624566ee149e508a161ef613832938c4b315505be0c4f458b16c37370ea4039f3a87081feb295e793afa0650af13d58
-
SSDEEP
12288:TBzLY3O3AibXVa37V5kNlyXo8HHUYbQEZyKKa1Lb/Zr+aXbKuGduiTsJXrMxh3HN:THXwjRO8d44oep
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Suspicious use of SetThreadContext
-