Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c2d25cb6cd45caf646e652cbc9446bc5
-
Size
274KB
-
MD5
c2d25cb6cd45caf646e652cbc9446bc5
-
SHA1
9d0ee51d48aea46efc34835c0b968e2a00fca793
-
SHA256
127c7757b26cf59dbe1ffadb839894471a135fe113abf990059c3a35701086a9
-
SHA512
3c1378d0678ad56d109a21a9b2d0f74533dccee970aec169ac287080bc6ef4c9f4f04e68f25d57dfba436b55f230e9153e624a0117f064448462824e74e246dd
-
SSDEEP
6144:cMjsrtcPtdPUbYKDXfgttQ6QajohbfmIV5ojI:c8mtcF5UnfgjQ6QajopfmIVK0
Malware Config
Extracted
cybergate
v1.07.5
micro13natural
freefree13.hopto.org:1313
microsoft-corp.myftp.org:1313
U827U0JI5X0C7D
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./result/
-
ftp_interval
20
-
ftp_password
f131313
-
ftp_port
21
-
ftp_server
ftp.drivehq.com
-
ftp_username
greenfreak13
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
Svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
true
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
f131313
Signatures
-
Cybergate family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Files
-
c2d25cb6cd45caf646e652cbc9446bc5
Headers
Sections
-
out.upx
Headers
Sections