Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1d04810ce8...0f.exe

windows7-x64

10

1d04810ce8...0f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    4s
  • max time network
    31s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d04810ce81076e4ce8aa486c9fc8e0f.exe

  • Size

    440KB

  • MD5

    1d04810ce81076e4ce8aa486c9fc8e0f

  • SHA1

    1d1903b97dff422798f4a175fd0de38247bc4809

  • SHA256

    f8c70a0ef93d08809afe39a33bd5c547502e300551839c78fc6299449e299395

  • SHA512

    ae513d6d93eb65621df54344408b7129b30487b0725bc18ca2bf8374c7134fb571c2a1b03142a768efe63066204867dc1771f8c96dbc599c114df4c4915dac06

  • SSDEEP

    12288:/+/7zemHlkCfLEAegIUT2f1SFTCPn9D4ZJ+vz1:W/9lDb5TKQBMDUJ+L1

Score
10/10
cybergatekabalastealertrojanupx

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

kabala

C2

kabala1324.dyndns.org:81

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    svchost

  • install_file

    svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Net Frework 4.0

  • message_box_title

    Windows

  • password

    1111

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d04810ce81076e4ce8aa486c9fc8e0f.exe
    "C:\Users\Admin\AppData\Local\Temp\1d04810ce81076e4ce8aa486c9fc8e0f.exe"
    1⤵
      PID:4184
      • C:\Users\Admin\AppData\Local\Temp\1d04810ce81076e4ce8aa486c9fc8e0f.exe
        C:\Users\Admin\AppData\Local\Temp\1d04810ce81076e4ce8aa486c9fc8e0f.exe
        2⤵
          PID:4696
          • C:\Windows\SysWOW64\explorer.exe
            explorer.exe
            3⤵
              PID:4088
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              3⤵
                PID:3572
              • C:\Users\Admin\AppData\Local\Temp\1d04810ce81076e4ce8aa486c9fc8e0f.exe
                "C:\Users\Admin\AppData\Local\Temp\1d04810ce81076e4ce8aa486c9fc8e0f.exe"
                3⤵
                  PID:4504

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt
              Filesize

              3KB

              MD5

              0a5387fb7b8ab8e3fde7517cde667c5f

              SHA1

              e1a6fe5b7d417b49c5e082655011c97cc0c3488a

              SHA256

              c0c79cd4d9440d87f53f1e9682701a2ad9a2730efd178c2fc571ef04f837755a

              SHA512

              eb1102095fe2b1c3590c5d9cc110b7c53f75ecc7bda2f3e58d3be6030bcb82fe7afb6c6ce4af6d1daf26b1a7e3dd0c2ccd295d651b3639001b5f29f1ac7bf020

              Download Submit

            • C:\Windows\SysWOW64\svchost\svchost.exe
              Filesize

              4KB

              MD5

              67330a79fb26821a97df3c843ab1275b

              SHA1

              a793b3e2f90ba6c7a4d9bef5d367d9ebd04f55bd

              SHA256

              20d2e85693e1d0ecd1f01046c845fe2f11433592b1669c9c29e93df237374ae0

              SHA512

              862c42394fb2cc689612d344aef8209cab12fd1ad9ba64b9f0a93348687549ddc1efe64385b9dbed74b98fdc14ce08ece0a07f9e207ec65e60e49f097b57ca4a

              Download Submit

            • memory/4088-16-0x00000000007E0000-0x00000000007E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4088-15-0x0000000000720000-0x0000000000721000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4088-76-0x0000000024080000-0x00000000240E2000-memory.dmp

              Filesize

              392KB

              Download

            • memory/4696-5-0x0000000000400000-0x0000000000457000-memory.dmp

              Filesize

              348KB

              Download

            • memory/4696-7-0x0000000000400000-0x0000000000457000-memory.dmp

              Filesize

              348KB

              Download

            • memory/4696-6-0x0000000000400000-0x0000000000457000-memory.dmp

              Filesize

              348KB

              Download

            • memory/4696-3-0x0000000000400000-0x0000000000457000-memory.dmp

              Filesize

              348KB

              Download

            • memory/4696-11-0x0000000024010000-0x0000000024072000-memory.dmp

              Filesize

              392KB

              Download

            • memory/4696-71-0x0000000024080000-0x00000000240E2000-memory.dmp

              Filesize

              392KB

              Download