General

  • Target

    d0ed48dc78456b10468e70beceb2fef7_JaffaCakes118

  • Size

    290KB

  • Sample

    241207-ggvywsvkhp

  • MD5

    d0ed48dc78456b10468e70beceb2fef7

  • SHA1

    6406fba369f07a090696f35d94f525922ebc9387

  • SHA256

    d845d2b0787c9e10d0e317b5f746068db0922a09c676c95906a223d622cd3051

  • SHA512

    25a8f17a00f20322e80ddd906c47feb6526d7609f84a3e860b6e62e1af75df7d0c04456c2f7c83324085558dde01a40409857117b519dab294cef771233c96c6

  • SSDEEP

    6144:MGcD6Jt+jG5JGmrpQsK3RD2u270juJCJsCxCW:dcD6Jo/Z2zkvaCx/

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

memo6767.no-ip.org:1759

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • Target

      d0ed48dc78456b10468e70beceb2fef7_JaffaCakes118

    • Size

      290KB

    • MD5

      d0ed48dc78456b10468e70beceb2fef7

    • SHA1

      6406fba369f07a090696f35d94f525922ebc9387

    • SHA256

      d845d2b0787c9e10d0e317b5f746068db0922a09c676c95906a223d622cd3051

    • SHA512

      25a8f17a00f20322e80ddd906c47feb6526d7609f84a3e860b6e62e1af75df7d0c04456c2f7c83324085558dde01a40409857117b519dab294cef771233c96c6

    • SSDEEP

      6144:MGcD6Jt+jG5JGmrpQsK3RD2u270juJCJsCxCW:dcD6Jo/Z2zkvaCx/

    • CyberGate, Rebhip

      CyberGate (detected by many AV engines under the alias Rebhip) is a Delphi-written remote access trojan with keylogging, file and process management, a remote shell and screen capture. Its builder bakes the C2 host and port, mutex, install directory and file name, injection target and password into the stub, which is exactly what the extracted config above records.

    • Cybergate family

    • Adds policy Run key to start application

      Writes an autostart value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a logon autorun location that is checked far less often than the ordinary Run key (MITRE ATT&CK T1547.001).

    • Boot or Logon Autostart Execution: Active Setup

      Adds a key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components whose StubPath command Windows runs once for every user at logon, giving the dropped install file a second persistence route (MITRE ATT&CK T1547.014).

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence so the payload behaves differently depending on the machine's locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified UPX build. The config values above come from the unpacked payload in memory; a UPX-compressed file does not expose those plain-text strings on disk, so static signatures written against them will not match the file as submitted.
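The extracted config and the persistence signatures above, turned into a behavioural check. This is an added example for this page, not tria.ge's own detection logic: the CONFIG values are copied from the report, while every telemetry record in SAMPLE_EVENTS is constructed for illustration and uses Sysmon-like field names (EventType, TargetObject, QueryName, ...) that are an assumption rather than any product's exact schema. The drop path parent directory (C:\Windows) is likewise assumed, since the report only gives the directory and file name.

```python
"""Check endpoint telemetry for the indicators in this report's extracted
CyberGate config and for the persistence signatures it lists.

Added example for this page, not code from tria.ge. CONFIG is copied from
the report; SAMPLE_EVENTS is constructed telemetry with Sysmon-like field
names (an assumption, not a product schema).
"""

# Extracted config values from the report.
CONFIG = {
    "c2": "memo6767.no-ip.org:1759",
    "mutex": "***MUTEX***",
    "install_dir": "install",
    "install_file": "server.exe",
    "injected_process": "explorer.exe",
}

# Registry autostart locations behind the report's "Adds policy Run key" and
# "Active Setup" signatures (hive prefix omitted so HKLM and HKU both match).
POLICY_RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run\\"
ACTIVE_SETUP_KEY = "\\software\\microsoft\\active setup\\installed components\\"


def indicators(cfg=CONFIG):
    """Turn the config into the concrete values telemetry can be matched on."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        # The report gives only the directory and file name; the parent
        # directory depends on the build, so match the tail of the path.
        "install_tail": "\\%s\\%s" % (cfg["install_dir"].lower(), cfg["install_file"].lower()),
        "inject_target": cfg["injected_process"].lower(),
    }


def _basename(win_path):
    return win_path.rsplit("\\", 1)[-1].lower()


def match_event(event, ind):
    """Return the list of indicator tags a single event trips (empty if none)."""
    tags = []
    kind = event.get("EventType")
    if kind == "DnsQuery" and event.get("QueryName", "").lower() == ind["c2_host"]:
        tags.append("c2_dns")
    if (kind == "NetworkConnect"
            and event.get("DestinationHostname", "").lower() == ind["c2_host"]
            and event.get("DestinationPort") == ind["c2_port"]):
        tags.append("c2_connect")
    if kind == "FileCreate" and event.get("TargetFilename", "").lower().endswith(ind["install_tail"]):
        tags.append("install_dropped")
    if kind == "RegistryValueSet":
        key = event.get("TargetObject", "").lower()
        if POLICY_RUN_KEY in key:
            tags.append("policy_run_persistence")
        if ACTIVE_SETUP_KEY in key and key.endswith("\\stubpath"):
            tags.append("active_setup_persistence")
        # Autostart data pointing at the install file ties the persistence to the drop.
        if tags and event.get("Details", "").lower().endswith(ind["install_tail"]):
            tags.append("autostart_points_to_install_file")
    if kind == "CreateRemoteThread" and _basename(event.get("TargetImage", "")) == ind["inject_target"]:
        tags.append("explorer_injection")
    if kind == "MutexCreate" and event.get("Name") == ind["mutex"]:
        tags.append("mutex")
    return tags


def triage(events, cfg=CONFIG):
    """Map each tag to the indices of the events that tripped it."""
    ind = indicators(cfg)
    hits = {}
    for i, ev in enumerate(events):
        for tag in match_event(ev, ind):
            hits.setdefault(tag, []).append(i)
    return hits


SAMPLE = "C:\\Users\\victim\\Desktop\\d0ed48dc78456b10468e70beceb2fef7_JaffaCakes118.exe"
DROP = "C:\\Windows\\install\\server.exe"  # constructed: parent directory assumed

# Constructed telemetry: seven events the sample would plausibly produce, then one benign event.
SAMPLE_EVENTS = [
    {"EventType": "MutexCreate", "Image": SAMPLE, "Name": "***MUTEX***"},
    {"EventType": "FileCreate", "Image": SAMPLE, "TargetFilename": DROP},
    {"EventType": "RegistryValueSet", "Image": SAMPLE,
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\server",
     "Details": DROP},
    {"EventType": "RegistryValueSet", "Image": SAMPLE,
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A1B2C3D4-0000-4000-8000-000000000001}\\StubPath",
     "Details": DROP},
    {"EventType": "CreateRemoteThread", "Image": SAMPLE, "TargetImage": "C:\\Windows\\explorer.exe"},
    {"EventType": "DnsQuery", "Image": "C:\\Windows\\explorer.exe", "QueryName": "memo6767.no-ip.org"},
    {"EventType": "NetworkConnect", "Image": "C:\\Windows\\explorer.exe",
     "DestinationHostname": "memo6767.no-ip.org", "DestinationPort": 1759},
    {"EventType": "NetworkConnect", "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for tag, idx in sorted(triage(SAMPLE_EVENTS).items()):
        print("%-34s events %s" % (tag, idx))
```

The C2 events are attributed to explorer.exe rather than the dropped file because the config names explorer.exe as the injection target; in real telemetry that is the process to pivot on once the CreateRemoteThread event has fired. The dynamic DNS host should be matched by name, not by resolved address, since no-ip.org names are repointed freely.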
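The static check behind the "UPX packed file" signature, as an added example that is not tria.ge's detector: parse the PE section table and look for UPX's stock section names, falling back to the "UPX!" magic that survives in builds which only rename the sections. The build_min_pe() helper fabricates a minimal, non-runnable PE header purely as test input; it is not the sample from this report, which would have to be obtained separately and passed in as bytes.

```python
"""Static UPX check: PE section names plus the "UPX!" magic.

Added example, not tria.ge's code. build_min_pe() fabricates a minimal PE
header for testing and is not the sample from this report.
"""
import struct

OPT_HEADER_SIZE = 0xE0          # PE32 optional header size used for the fabricated file
SECTION_HEADER_SIZE = 40
UPX_MAGIC = b"UPX!"


def pe_section_names(data):
    """Return the section names from a PE file's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]    # NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]       # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].split(b"\0", 1)[0])
    return names


def upx_indicators(data):
    """Which UPX traits are present: stock section names and/or the UPX! magic."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.startswith(b"UPX")],
        "upx_magic": UPX_MAGIC in data,
        "sections": names,
    }


def is_upx_packed(data):
    """True for stock UPX (UPX0/UPX1 sections) and for builds that renamed the
    sections but left the UPX! magic; a build that strips both evades this
    check, which is the limit of any signature this simple."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_min_pe(section_names, trailer=b""):
    """Fabricate a minimal PE32 with the given section names (constructed test input)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header follows the DOS header
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, OPT_HEADER_SIZE, 0x0102)
    opt = bytearray(OPT_HEADER_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    sections = b""
    for i, name in enumerate(section_names):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics
        sections += struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1), 0x200,
                                0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + trailer


if __name__ == "__main__":
    print(upx_indicators(build_min_pe([b"UPX0", b"UPX1", b".rsrc"])))
```

To run it against a real file, read it with open(path, "rb").read() and pass the bytes to upx_indicators(); the section list it returns is also the quickest way to tell a stock UPX build (UPX0, UPX1, .rsrc) from a modified one.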

MITRE ATT&CK Enterprise v15

Tasks