General

Target: 77a531c73cfb4426964029e611f438cd
Size: 392KB
Sample: 240126-r7sassgaf6
MD5: 77a531c73cfb4426964029e611f438cd
SHA1: 9078b6f8d51dce6a347379665f0f3a9494bead2e
SHA256: 6d65f698915ffeb197d4c5852a8b5275eac96174b94a5a911e9e7dde2b21edeb
SHA512: ce25b192d8beeddae1c822dcc9c9fcc2bcbfe94e931b42f165626c171a117703732d6ce1bcd5a544646c732e0a6dda10263bd1289bfd2c0797efb70f2ca80a5f
SSDEEP: 6144:nD/bumn1Ns48rVcrQfxy6cfQm72K/jJBFozz8zyNW91k28DdQrPvWbwCLcqujY6c:njKm1Ns/QQU605bpFJE5dQawwbeY4BQ

Static task: static1
Behavioral task: behavioral1
Sample: 77a531c73cfb4426964029e611f438cd.exe
Resource: win7-20231215-en
Malware Config

Family: cybergate
Version: 2.6
ID: ÈÏí Çäíßß (campaign ID string; the page renders Windows-1256 Arabic bytes as Latin-1, so the text shown is mojibake)
C2: mohammad2010.no-ip.biz:100
Mutex: ***MUTEX***
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: svchost.exe
install_dir: system32
install_file: system32.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem (Portuguese placeholder text, "message text")
message_box_title: título da mensagem (Portuguese placeholder text, "message title"; the page shows the í as "?")
password: abcd1234
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets

Target: 77a531c73cfb4426964029e611f438cd (392KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

Behaviors observed:
- Adds policy Run key to start application
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
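The config and behaviors above translate directly into host and network indicators. The script below is an added example (not part of the Triage report and not CyberGate code): it copies the extracted config, derives concrete IOCs from it, undoes the cp1256 mojibake on the ID field, and runs the result over constructed Sysmon-like telemetry. Assumptions are labelled in the code: the "Run key" and "policy Run key" signatures are mapped to the well-known `CurrentVersion\Run` and `Policies\Explorer\Run` subkeys, `install_dir` `system32` is expanded to `%SystemRoot%\system32`, and every event in `EVENTS` is made up to exercise the matcher rather than taken from the sandbox run.

```python
"""Hunting for the CyberGate build described in this report.

Added example, not part of the Triage report or of CyberGate itself.
CONFIG copies the extracted config above; the registry subkey paths, the
install path expansion and every record in EVENTS are assumptions or
constructed data.
"""

# Extracted config, copied from the report. id_raw is kept exactly as the
# page renders it: Windows-1256 bytes decoded as Latin-1.
CONFIG = {
    "version": "2.6",
    "id_raw": "ÈÏí Çäíßß",
    "c2": "mohammad2010.no-ip.biz:100",
    "mutex": "***MUTEX***",
    "injected_process": "svchost.exe",
    "install_dir": "system32",
    "install_file": "system32.exe",
}

# Assumed: the report's "Run key" and "policy Run key" signatures refer to
# these autostart subkeys (same relative path under HKCU and HKLM).
RUN_SUBKEYS = {
    r"software\microsoft\windows\currentversion\run": "run_key",
    r"software\microsoft\windows\currentversion\policies\explorer\run": "policy_run_key",
}


def decode_cp1256_mojibake(s: str) -> str:
    """Undo Latin-1 misdecoding of a Windows-1256 (Arabic) string.

    Returns the input unchanged if it does not round-trip through cp1256.
    """
    try:
        return s.encode("latin-1").decode("cp1256")
    except UnicodeError:
        return s


def derive_iocs(cfg: dict) -> dict:
    """Turn the config into concrete, lower-cased host/network indicators.

    Assumes install_dir "system32" means %SystemRoot%\\system32 on a default
    C:\\Windows install (matches the "Drops file in System32 directory" hit).
    """
    host, _, port = cfg["c2"].rpartition(":")
    install_path = "\\".join(["c:", "windows", cfg["install_dir"], cfg["install_file"]])
    return {
        "install_path": install_path.lower(),
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        "injected_process": cfg["injected_process"].lower(),
        "id": decode_cp1256_mojibake(cfg["id_raw"]),
    }


# Constructed telemetry in a Sysmon-like shape; not taken from the sandbox run.
EVENTS = [
    {"type": "file_create", "path": r"C:\Windows\system32\system32.exe",
     "image": r"C:\Users\victim\Desktop\77a531c73cfb4426964029e611f438cd.exe"},
    {"type": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "value": "HKCU", "data": r"C:\Windows\system32\system32.exe"},
    {"type": "reg_set",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "HKLM", "data": r"C:\Windows\system32\system32.exe"},
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Office\14.0\Common",
     "value": "LastUser", "data": "victim"},                     # benign noise
    {"type": "dns", "query": "mohammad2010.no-ip.biz",
     "image": r"C:\Windows\system32\svchost.exe"},
    {"type": "net", "dst": "203.0.113.10", "port": 100,
     "image": r"C:\Windows\system32\svchost.exe"},
    {"type": "mutex_create", "name": "***MUTEX***",
     "image": r"C:\Windows\system32\svchost.exe"},
    {"type": "net", "dst": "203.0.113.20", "port": 100,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},  # benign noise
]


def hunt(events, iocs):
    """Return (tag, evidence) pairs for events that match the derived IOCs."""
    hits = []
    for ev in events:
        t = ev["type"]
        if t == "file_create" and ev["path"].lower() == iocs["install_path"]:
            hits.append(("dropped_install_file", ev["path"]))
        elif t == "reg_set":
            _, _, subkey = ev["key"].lower().partition("\\")
            tag = RUN_SUBKEYS.get(subkey)
            if tag and iocs["install_path"] in ev["data"].lower():
                hits.append((tag, ev["key"]))
        elif t == "dns" and ev["query"].lower().rstrip(".") == iocs["c2_host"]:
            hits.append(("c2_dns", ev["query"]))
        elif (t == "net" and ev["port"] == iocs["c2_port"]
              and ev["image"].lower().endswith("\\" + iocs["injected_process"])):
            # Port alone is a weak signal; it is only flagged when the
            # connecting image is the process CyberGate injects into.
            hits.append(("c2_port_from_injected_process", ev["image"]))
        elif t == "mutex_create" and ev["name"] == iocs["mutex"]:
            hits.append(("mutex", ev["name"]))
    return hits


if __name__ == "__main__":
    iocs = derive_iocs(CONFIG)
    print("decoded ID:", iocs["id"])
    for tag, evidence in hunt(EVENTS, iocs):
        print(f"{tag:32} {evidence}")
```

Run as-is it prints the decoded Arabic ID and six hits (the dropped binary, both Run values, the C2 DNS lookup, the port-100 connection from svchost.exe and the mutex) while ignoring the two benign records. The DNS match is the strongest network indicator here; no-ip hostnames resolve to changing addresses, so hunting on the resolved IP would miss the C2 a day later.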