General

  • Target

    02a2f58067a5310043fe5e3e205803c3_JaffaCakes118

  • Size

    284KB

  • MD5

    02a2f58067a5310043fe5e3e205803c3

  • SHA1

    69cd7c59e6d18b495afe9520d8c92ebb61bbe082

  • SHA256

    fb1584cb0faaaa5183d86696743f30bbe01f2b9c89f019d071cf90e17552427f

  • SHA512

    0120f474e397bd59a9a8ea5fc1544d48c882f1c75903476d946cd3bd797317f8ff80d19c866e84d9751d674f6ca9316137de18d1e2ed548b62465cfdb25259ca

  • SSDEEP

    6144:Ek4qmibP0RhnMe/TRWTJxyW8zmbaVMiwLe2GBpSrp:H9ahnMVy9zmsM2fpSr

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

r3b8-1415.no-ip.biz:81

r3b8-1415.no-ip.biz:288

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    svchost.exe

  • install_file

    windows.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • 02a2f58067a5310043fe5e3e205803c3_JaffaCakes118
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86


