Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_785a5b4bb3e276185d65910ae18f5010
-
Size
296KB
-
MD5
785a5b4bb3e276185d65910ae18f5010
-
SHA1
49d0bc885167ea112466ade6df85a695f936994c
-
SHA256
41d6135ba65716a8f9445624a21584b8dff0b42986dca2975c3f3ce64018c101
-
SHA512
2f49d9228f2b27999656ffb4e0be1ed69ed959267abfd2e888183a394fea0f2cf4110cee6e238b52ac2f9ff7100993a5e001bc2ee43be674606482c92881cf93
-
SSDEEP
6144:POpslFlqdhdBCkWYxuukP1pjSKSNVkq/MVJbq:PwslgTBd47GLRMTbq
Score
10/10
Malware Config
Extracted
Family
cybergate
Version
v1.07.5
Botnet
premium
C2
arseeem.no-ip.biz:82
Mutex
2XUD5G46J8B001
Attributes
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
svchost.exe
-
install_dir
svchost
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
radeon
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
JaffaCakes118_785a5b4bb3e276185d65910ae18f5010
Headers
Sections