Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

4a65f8e335...e5.exe

windows7-x64

10

4a65f8e335...e5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a65f8e335381eb93f30036bc05652e5

  • Size

    670KB

  • Sample

    240108-epwt2saggm

  • MD5

    4a65f8e335381eb93f30036bc05652e5

  • SHA1

    c56462f46ad15e2fa3fd044eb4c2476e41abf0f9

  • SHA256

    cfe88ff0c1d88dae161cab2dfc9381d8d4cffcde1ba61f0fdc48dac466c56531

  • SHA512

    4e89cc10ea9587e9c85b0bdb16c6cf27022cfe8f5c5b1866c0df3c61b6a2bb4b54865c6c2d45fb81da12d60d8d43f96c46a0689f465674313ff876fa2c74a891

  • SSDEEP

    12288:fw80KZh/N1ty6xa8WmlgsaIihanZryw//aMs2yRUPe9uqyS1uqc9lui0:fw80Kx1AiW2V9Mw/SlBwac9Yi0

Score
10/10
cybergatevítima2702persistencestealertrojanupx

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Vítima2702

C2

scorpiontrilogy.no-ip.info:8000

scorpiontrilogy22.no-ip.info:8000

scorpiontrilogy22.no-ip.org:8000
Mutex

monitor

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    system32

  • install_file

    system.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    123456

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • Target

      4a65f8e335381eb93f30036bc05652e5

    • Size

      670KB

    • MD5

      4a65f8e335381eb93f30036bc05652e5

    • SHA1

      c56462f46ad15e2fa3fd044eb4c2476e41abf0f9

    • SHA256

      cfe88ff0c1d88dae161cab2dfc9381d8d4cffcde1ba61f0fdc48dac466c56531

    • SHA512

      4e89cc10ea9587e9c85b0bdb16c6cf27022cfe8f5c5b1866c0df3c61b6a2bb4b54865c6c2d45fb81da12d60d8d43f96c46a0689f465674313ff876fa2c74a891

    • SSDEEP

      12288:fw80KZh/N1ty6xa8WmlgsaIihanZryw//aMs2yRUPe9uqyS1uqc9lui0:fw80Kx1AiW2V9Mw/SlBwac9Yi0

    Score
    10/10
    cybergatevítima2702persistencestealertrojanupx

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

      trojanstealercybergate

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.