Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

95a85ed142...18.exe

windows7-x64

10

95a85ed142...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95a85ed1422bc39a08e80752308fcd43_JaffaCakes118

  • Size

    290KB

  • MD5

    95a85ed1422bc39a08e80752308fcd43

  • SHA1

    bbbbe89e5f4afb65f7dfd7414c2dad0eb086e14c

  • SHA256

    8bd089ef938ec61bb479f3c0a1ef722dcbff0842d741a0a9bc659cc26556ddc1

  • SHA512

    3aa976070547e5ad0f39522f652055a5dfc7eae65181de204e3692e0508ebd7e33384088e359bd9d24b09f7abb111547a2377b5e0c29b9eb5f6ff68c2913e6e2

  • SSDEEP

    6144:EmcD66RRjo5JGmrpQsK3FD2u270jupCJsCxCP:lcD663V92zkPaCxI

Score
10/10
bruxitima colheta felizcybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Bruxitima Colheta feliz

C2

bruxinhospy.no-ip.org:83

bruxinhospy.no-ip.biz:83

spybruxinho.no-ip.org:83

spybruxinho.no-ip.biz:83
Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    System32.ex

  • install_file

    archivers.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    esse arquivo precisa do codec pack para visualizar

  • message_box_title

    Fatal Error

  • password

    abcd1234

  • regkey_hkcu

    fdofb

  • regkey_hklm

    kfidjf

Signatures

  • Cybergate family
    cybergate
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 95a85ed1422bc39a08e80752308fcd43_JaffaCakes118
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections