General

  • Target

    0644fe53fbe3cca444a45a79eea78df1

  • Size

    720KB

  • Sample

    231229-2wva5adbe7

  • MD5

    0644fe53fbe3cca444a45a79eea78df1

  • SHA1

    f26ab67d9b295538cf00867c7477f21c0937e4fa

  • SHA256

    63995c35220f25866e9ead8b983ae752e2be9c9757610b8f7013942a884d0349

  • SHA512

    7bd34a478165d3efd088f8604b5ccc22a6177a07597bb186e7df9b9a526fa413fc0ab9787a8fe464ee40c29d44d04cdb2e5a959fb9a270fdeb8759b2b48f754a

  • SSDEEP

    12288:j9BVlsN6h0nkzBOMhS7XvLHxKO+WFAnZSDyXTBEXgLBAOKkTUqmjYVZ8nrGu5x:jfVlsN6OkzEGSvZwSDytE+OO9Iqm0cr3

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

5.0.167.248:288

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    svchost.exe

  • install_file

    windows.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15