General

  • Target

    b219be095284df9e35fe6ab227727d177ccbf898a3a81fde6c222811d3801b82

  • Size

    1.0MB

  • Sample

    221203-hzw5cahg2s

  • MD5

    03994fa377cf5374e90eff4ac8c50597

  • SHA1

    e751349bd707c645131acf0852f6987ccd4dcea4

  • SHA256

    b219be095284df9e35fe6ab227727d177ccbf898a3a81fde6c222811d3801b82

  • SHA512

    5c56b95668d96deeecc270c0dd15ea0f72d3a85f55b1f0a8ec27226093eb8a0335fa673868da45fae9a8f840a6f7870e96b6ddd02a0093594568f1c2e70332ad

  • SSDEEP

    24576:wRmJkcoQricOIQxiZY1iaw0XRpFl3NaYhnL8SJTJ:FJZoQrbTFZY1iaTXRpFl3NhhnL8ATJ

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

tensodemais

C2

joaolino.no-ip.org:15963

Mutex

***MUTEX***

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    2010voce

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
