General

  • Target

    3a4bf2cfa2dc6689fd70b0cf259944dc_JaffaCakes118

  • Size

    1.0MB

  • Sample

    241012-qwae6stakb

  • MD5

    3a4bf2cfa2dc6689fd70b0cf259944dc

  • SHA1

    d5225eef301407357ac0d834dec9136bcea005a0

  • SHA256

    f6d87fbd40e688642b467dcd1c4902d8c528324c892d0f293dbc3e8febd98f3a

  • SHA512

    32337014f67169436ceb6ec2b9afa65e7458174f4f74cbec93aaa676954987678959902f9f61841e78263baaf82b2b0feefd994307ed12c6ad27b76ca231cddd

  • SSDEEP

    12288:+C7ZyPBT3I7Q8XT/FWelg+Ovgg/XhZsbw:VZyPN3R8X4ew4g/X

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

AntiVir

C2

darkcomet33.zapto.org:50036

Mutex

M72EA630OP1TE8

Attributes
  • enable_keylogger

    false

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    pimmel1337

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Extracted

Family

latentbot

C2

darkcomet33.zapto.org

Targets

    • Target

      3a4bf2cfa2dc6689fd70b0cf259944dc_JaffaCakes118

    • Size

      1.0MB

    • MD5

      3a4bf2cfa2dc6689fd70b0cf259944dc

    • SHA1

      d5225eef301407357ac0d834dec9136bcea005a0

    • SHA256

      f6d87fbd40e688642b467dcd1c4902d8c528324c892d0f293dbc3e8febd98f3a

    • SHA512

      32337014f67169436ceb6ec2b9afa65e7458174f4f74cbec93aaa676954987678959902f9f61841e78263baaf82b2b0feefd994307ed12c6ad27b76ca231cddd

    • SSDEEP

      12288:+C7ZyPBT3I7Q8XT/FWelg+Ovgg/XhZsbw:VZyPN3R8X4ew4g/X

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks
