General
- Target: e49c8ca914cce43fffbf5ebebf7166dd7ae6709e2cef861f2e870c8644ee0047
- Size: 754KB
- Sample: 221204-nf4mzade25
- MD5: c5140aef3baa6885a185cca194809f8b
- SHA1: ab352ae0e7822236625d7479e6e7e11df0175d3b
- SHA256: e49c8ca914cce43fffbf5ebebf7166dd7ae6709e2cef861f2e870c8644ee0047
- SHA512: 99e4c6c570a82d067e1660ff6657b2d94914dfb7717e3d2b328e883a65539457d5fab1111c49bdaf0e09609ae060ad9ca714793a53eee4e3f8b1343e2981b71f
- SSDEEP: 12288:VvQt60sTsdVAlCWnH2YwfqJL7Al0mWfB50/lm82dy9toTY7W2HRhVzCrDYkjW:xQXsDMOHWfqgNWQdv2s9toMWu/VzCXVW
Static task: static1
Behavioral task: behavioral1
- Sample: e49c8ca914cce43fffbf5ebebf7166dd7ae6709e2cef861f2e870c8644ee0047.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: cybergate
- Version: 2.6
- Botnet: ÖÍíÉ
- C2: raaboo00.no-ip.org:288
- Mutex: ***MUTEX***
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: svchost.exe
- install_dir: eremb
- install_file: windows.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: texto da mensagem
- message_box_title: título da mensagem
- password: abcd1234
- regkey_hkcu: it
- regkey_hklm: ig
Targets
- Target: e49c8ca914cce43fffbf5ebebf7166dd7ae6709e2cef861f2e870c8644ee0047
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext