General
- Target: 53ac0a79e89f1935f672e12c4151cddf
- Size: 520KB
- Sample: 231226-eyvncacggk
- MD5: 53ac0a79e89f1935f672e12c4151cddf
- SHA1: 11c869ec051b487eb6e7a354405c111beb8bdde3
- SHA256: 9b08832289f82d63f2479a0e3ac0924f0f16b6f92c0c534e20dbbff9a72e229b
- SHA512: 20693011cc5cf0dd38f27d6df182f7beba323da8e766ce45fb3eab06d1c2b995a524b90618185d9cf1f0dd5f8f6ac349fd97fb8002a1ae167366767c80e2ad45
- SSDEEP: 6144:tSqjYYsDmEvUbbqakhQLeKfJc6KPs+Ac+RF+0Q0eXlxl6+huQCQL:bUvKiXakhQiKfJcVs+P+etl6urr
Static task
- static1

Behavioral task
- behavioral1
- Sample: 53ac0a79e89f1935f672e12c4151cddf.exe
- Resource: win7-20231215-en
Malware Config
Extracted
- cybergate
- v1.07.5
- cyber
- abdal.zapto.org:81
- 8JP8Q227EM8LUJ
- enable_keylogger: true
- enable_message_box: true
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: WinDir
- install_file: igfxpres.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: To run this application, you must install .NET Framework v4.0
- message_box_title: Error Webcam Viewer
- password: 123456
- regkey_hkcu: HKCU
- regkey_hklm: HKLM
Targets
- Target: 53ac0a79e89f1935f672e12c4151cddf
- Size: 520KB

Signatures
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext