Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1d4b18074a...22.exe

windows7-x64

10

1d4b18074a...22.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2024, 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe

  • Size

    2.1MB

  • MD5

    bee0398363217eaedbdee4b83e5909fd

  • SHA1

    eeaf4acab9a4d247bb3513110dfffe370301763e

  • SHA256

    1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622

  • SHA512

    da608822c3c570f8fe62a10d0b76ed3c706271ff7f22c4ee7c844a5b5e9af48c736d8cf12a393ba3d390e6dd3ed70b26c43a1ab60061812661855fb6183ae22b

  • SSDEEP

    49152:qtACGnO8DYVanUCV9RR2z9TRAiuLjFIWgUWPt5lVU0Eo:qtQnOaUC3q9ojMfP00Eo

Score
10/10
cybergatevítima 4shareddiscoveryevasionstealertrojan

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

vítima 4shared

C2

lucasgusmao.no-ip.org:2000

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • ftp_password

    123654

  • ftp_port

    21

  • ftp_server

    ftp.server.com

  • ftp_username

    ftp_user

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    true

  • message_box_caption

    Falta de DLL ,Instale a DLL e Reinicie o PC... complemento comdl32.ocx

  • message_box_title

    Error!!!

  • password

    123654

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate
  • Cybergate family
    cybergate
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 1 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe
    "C:\Users\Admin\AppData\Local\Temp\1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe
      C:\Users\Admin\AppData\Local\Temp\1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622.exe
      2⤵
      • UAC bypass
      • Windows security bypass
      • Windows security modification
      • Checks whether UAC is enabled
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2140
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2164
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    934494db5a2e5e30b41274d83a906ca7

    SHA1

    7f68b971039e35f7e8c77274b8eee51d125b7c5e

    SHA256

    1afac89beff3e66776a7b52d56c753c4e73d9002ffbef853cd3b02703c337a90

    SHA512

    59675ebac5b8d6120c1b275e3449d42e114629b627658fb134887cfe76f6e5fc2011eb233c383789920119388849749032303cc1d9502a99c6cdcab2826ef375

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4327310004f13c164764f3adeee9b6e2

    SHA1

    b2e4878c78e207db206704ffd2747bcfb04fa65a

    SHA256

    ac271502c3f6bd488d6ddc077bdd7cf8f113e653991818f1c4868350560f7ee4

    SHA512

    290c51b561c7755380ae27954d8f4d0598aa53facce70c7c3ccf84cd942d958260844e9b0e8fcf009135506f1799462a124b922ab97e11abecd3e875878edb98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4b0958072603573be7169fa6f03f75a

    SHA1

    8460b2c0c2deea97aec53eef2fcb4e91234a6d72

    SHA256

    7efff8fe7ae333f170af44650ec73deb9f179ed8346e127576f8eb2ec2ac450f

    SHA512

    1275a13deb8af5e60b33d302327d6c7ab21bc489941562cc3ca13c24e8e296e280c82cc1d48eb99517d7b35d62ce6dc2fbec6e4e5816bf1d7cf6edb8bd802a88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d5952f94fe1670d2ef4ed3cb62e61e9

    SHA1

    565e3028c81121013b8fc435e3e7be602e981ad4

    SHA256

    fe4f25c447503ee6d5f3c8ff332d1e4c87c86c715f0bcca38d14db69b8262b6e

    SHA512

    04f2341e59df2f52af2a2a7328e5e451a4ad99ff693baaaee8c695bb5274e44ec7fc4251700bdb1df3be86805728630e2b2dd4a9d5d15948ee5ecfe591050642

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ce5675a65d7fffae03a0b77eb8c991d

    SHA1

    cbdfe41ca447256fc437b8a284cec75d9fd88d79

    SHA256

    8c6de49f754ce69037e0ca4ef6f1cbb0bffcb908a6684396b751118d35d1955e

    SHA512

    b609477961991f38c096c810385cc616c4108132cd2c19a744786c2232b21a10971b91103994211ff43a44c3ef034844994ce645fe1b7a0b88ea981d89bdb0f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3696506c76ac73348c1f4afcfc86a6f

    SHA1

    fb523097cb8b2bb5f658a5250ad8318937717609

    SHA256

    6c99ab3732c3c4b7b6ad45b347b4eab3a7b2d7e0a948e59bfdaad38d77d8aeaf

    SHA512

    45d73ea64451421a1aff680ffa5d9e7239a25ecabcec199bf627f8746ff93641e3d5fc9c5a3c98b1d49341a6a2e404d648af2953629baeeea295d7bed24de0ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d57ea3cd6a9115bcd6e12dd2722a2e1b

    SHA1

    a1a91c9f563fed63339ade3573567ac45153cad0

    SHA256

    c33137547342434b5880c09312cdc4a1591d83aadf6d798c0c80925d85008ad9

    SHA512

    a3d675a5ccec62095e17b429ba4cdce2f11f513f615d204ecb2e040753bcd8bf47d2bae84e1ea332338a5d29fc9c672feeea7218ef0a548cd0bc30e77ae3593a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    304e41d3d17003f2e5b33ddebdf9ddf5

    SHA1

    49ceb68d198c1af293043fbd3d0f0187a17711e6

    SHA256

    0428b7cc1c41ccdd5f0c549f86f432bd82ed025585434a446f232e65143e7d2c

    SHA512

    cc569a9aa2260db0e547874eec95a0e9a536ffd12dabc7d19e564deeb2c0809422d11e7efc0c1ca15dae336da3bf16cbd30b498e61e0f036b68f714b27d6850b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afcc208148cd318dd59e45c6dbb43ab3

    SHA1

    c6d29909275730a54ee1980f2775ce07ed6de7c4

    SHA256

    5f401b00ca1a987dfdc05eaf13b941fe37dbeb4a6c6a0f6bbafe1d644d7c3fb9

    SHA512

    07d79e71d462df44bb12ef0b06825425b0e3dc1e37464fb2c324b12be59a654c984decba7c6c379c91d2660f741dcfb7564ba184e333b29d0c72c70dffd31556

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a545dff93a5b0986008212c4382302a8

    SHA1

    a1bcaf0a01d11d37f8a8e999d9c060f88d08ce7f

    SHA256

    1f825c92c7cac183227769e8f502ad73903c8f25622d795b0fbad8ae421efa91

    SHA512

    89076c80bde8ad6ab0ceb9a1bdd699124586fdf49df83a7d8f1fa03c66cc01f5a9031180c3ca229643465150740dd3b02030bedb8117b6b457565d82e6783643

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a9f3e5106888bdb74562e56442e31f6

    SHA1

    3a8879ca91bec641759c0d21ec1bcd5479cc98cd

    SHA256

    8aecf0302689ef9ee48acb60b589bb7618e5731f0eb39eff05b963a32bfab73a

    SHA512

    5d1f0c51455ff5b0abcdfbfb629fa6b9263945f38f44a74abceadfe88fe4a373e67046930be74ab4b91d7d6a325926d0f50f94d7d64cf6b09f4154ecc974e742

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab70775162ca3333163add087d295c87

    SHA1

    1e2280958d42126849f1a79c5305f3f95bb55d96

    SHA256

    9e2b47300f2f103843a97948f2d151b67792c8d8d38cd68159de58b78a30c7a1

    SHA512

    212b78d1c029a5f3b8174016627c033a58a5ae1ebd71caf03192eb5ca604942b5c1846b05b2bd044b741dd79ae5c8b5af6bc5184a593a719104be2447e2ccec5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea72a2fe18aea220587c9f4369f83b73

    SHA1

    577cb5f557a33b05866c607c9827c7842e961844

    SHA256

    71394e6ec90d228eda14d2002344bf0ac1226b4cbcab694732aea21adb78cf15

    SHA512

    5f4f3bee98414c63129098bc7b1809cf886077cea3f40a780ffb99c542c63590bf79013377a7057f866e22c9beb1710aec1a3e31b0f446c7a68a69f05e251b41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef0452efdc2b4a3fe91721f9be65f88d

    SHA1

    54772dc3c5c52c20b045a030041ad8e7ddedb79a

    SHA256

    a3e0885582ba901acfb1f0e1966a69ce2a52466a2311013af66f19a3d8c081df

    SHA512

    af1aa0726b272a45c112b58d9017dd2417419a00faf33c9107f805090e61da7a31ecf11154ff2adfd0338b338c3303aeb5a0f5760e5bde12ed4793fe3621fdee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04e139f6ed81a4264d12bdc45266e857

    SHA1

    58e3bfa03ff9f5b76cd8c287b8e7287f9e829f12

    SHA256

    0d8b673753abfac052c24444b951d34e025b7216e6b8c8e92204e8b01688b949

    SHA512

    1629ae9a550f91bced949da070f6634bf139f74222a3e3acdc667c8620c98f31898b9947e3ad77e76db4f73041b423fd957c0ebd5e83f0f073e0bd355b489cba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8671046f4053542ef5fef2ecede3226

    SHA1

    777919f4b4cb6a3000b06132168bbe0e70adf2c3

    SHA256

    17435ad53d1f4cf4bc8e1cf9a62f70778b4fe0d1c2acd810ae3eb9be9bdc11c5

    SHA512

    5b37cca93789a663247c61d33b0ae9efc5d01972be143b9ba2f13a42f7203e2b0dca8a6fcee0c81f49c70858506d4b7dd87d5866110408b0240633a0614a358a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eae50d550f2f715fe785cddf737a0ef2

    SHA1

    776a7a671cc74bee718ddd5c60603e5fa2289eb0

    SHA256

    4b9d44c3bb1994bda8b49aec39692393ed85f770e1daff2f09074bc80960459d

    SHA512

    2059e7cbca5ed0cf0b2c98d0b6670a20c79334521ffde052ff43a712342c496b839848e32c65d246bc1c38e8f2db9f36db04ad2ed23bf446163a2ab95ec337ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52c0aae89a22bd86a714a78eca5fae12

    SHA1

    6435ad08c8b55445a249d4f4a75a6d1d46c6ac7f

    SHA256

    4c83a08a400ec75f51a9b2ac3c63f08690bdf2bc97d37cad36058033aee99c7f

    SHA512

    998e97decc98408304204553bf05b264f24580ee86aa0db8caa1d21ef32b6d64afc455b4a611cc93c4e0aacfbc23e24f548f86503245c2e2b583c7232d425f01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    accb353e66d6911fd4d9b441c0f3588c

    SHA1

    122ffe9bd5f85857a9f81f7d56e6c4746a2f044e

    SHA256

    1924c15a45fcaa4ae25b7f9a5e7e2f780d04fbae2d643daabbdaf99337c46ef8

    SHA512

    4090cce51cfac4e4adb3cd10785f82153b2130a3e908d47f561c020d9595d8381b1b0f831d3f5a6f28b79e64924e3280c2db03bd62747d2244727fae0dd01d40

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4368.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar43E9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2140-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2140-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2140-2-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2140-4-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2140-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2140-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2140-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2164-21-0x0000000000400000-0x00000000004AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2380-13-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2380-14-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2380-15-0x00000000006B0000-0x0000000000779000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2380-1-0x0000000000320000-0x0000000000322000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2380-0-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2380-885-0x00000000006B0000-0x0000000000779000-memory.dmp

    Filesize

    804KB

    Download