
General

  • Target: ba3d8adb44ed41edf20a140e81f4148a_JaffaCakes118
  • Size: 498KB
  • Sample: 240823-edkbwateqa
  • MD5: ba3d8adb44ed41edf20a140e81f4148a
  • SHA1: 0831001209823f6bac0efd7115972e86df9b73f4
  • SHA256: 03cc7a29cfcf57a0d7cfe4c5c6a10ecdd9e3db32676672fb290a371da26469ad
  • SHA512: 29878bef31ea121283a10b9258d47d71ffdddd4e779445f811c9e2d2b4fbb470dae19f91d8c83a91a15ef777dc6c822ac70d96edb20900c8ce299c612232a33f
  • SSDEEP: 6144:Q9iOktDPSBBzUKvs/wdeqN7g5cyV5tbyzTlr+r6J7NEqT5knyH1PV2yy+gGu09QL:zSHzVsCD4pWNa6pvYyH1PQyy+gGBS

Malware Config

Extracted

  • Family: cybergate
  • Version: v1.07.5
  • Botnet: Tencent
  • C2: symeon3melrich.no-ip.org:7000
  • Mutex: E45T03S44THK81

Attributes

  • enable_keylogger: false
  • enable_message_box: false
  • ftp_directory: ./logs/
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: install
  • install_file: server.exe
  • install_flag: false
  • keylogger_enable_ftp: false
  • message_box_caption: Remote Administration anywhere in the world.
  • message_box_title: CyberGate
  • password: ZBj2

Targets

  • CyberGate, Rebhip: CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
  • Uses the VBS compiler for execution
  • Checks whether UAC is enabled
  • Suspicious use of SetThreadContext
