General

  • Target

    c2d25cb6cd45caf646e652cbc9446bc5

  • Size

    274KB

  • MD5

    c2d25cb6cd45caf646e652cbc9446bc5

  • SHA1

    9d0ee51d48aea46efc34835c0b968e2a00fca793

  • SHA256

    127c7757b26cf59dbe1ffadb839894471a135fe113abf990059c3a35701086a9

  • SHA512

    3c1378d0678ad56d109a21a9b2d0f74533dccee970aec169ac287080bc6ef4c9f4f04e68f25d57dfba436b55f230e9153e624a0117f064448462824e74e246dd

  • SSDEEP

    6144:cMjsrtcPtdPUbYKDXfgttQ6QajohbfmIV5ojI:c8mtcF5UnfgjQ6QajopfmIVK0

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

micro13natural

C2

freefree13.hopto.org:1313

microsoft-corp.myftp.org:1313

Mutex

U827U0JI5X0C7D

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./result/

  • ftp_interval

    20

  • ftp_password

    f131313

  • ftp_port

    21

  • ftp_server

    ftp.drivehq.com

  • ftp_username

    greenfreak13

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    Svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    true

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    f131313

Signatures

  • Cybergate family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • c2d25cb6cd45caf646e652cbc9446bc5
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86


