General

  • Target: JaffaCakes118_544082af80cf6e04badd723fc08c66ae
  • Size: 281KB
  • Sample: 250115-mec8yszmdy
  • MD5: 544082af80cf6e04badd723fc08c66ae
  • SHA1: bbb36236f150d0292939e381966550c595b7ed2a
  • SHA256: 75dc907ce32bf4541b3f5d9660510d08cfd1465c199ec06119172799a40abd37
  • SHA512: 666f59f051b9e9f964001c09619b3e4c57d8d7aeeed7c420f7777790bfb41f9c953803011cc06a97fb6c9adb8a5c5e727903fee73d4d0d1cfa584801f7f038b6
  • SSDEEP: 6144:Oy+phhTwlTLfkixFUQKf3D7TnBAZ5qhbxb:L+pP0lYixsfvDBAzK9b

Malware Config

Extracted

  • Family: cybergate
  • Version: v1.11.0 - Public Version
  • Botnet: remote
  • C2: 127.0.0.1:999, nin.myftp.biz:999
  • Mutex: 864G4A0337L24Q

Attributes

  • enable_keylogger: true
  • enable_message_box: true
  • ftp_directory: ./logs
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: rundll
  • install_file: rundll.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: Tente mais tarde! Desculpe.
  • message_box_title: windows xp
  • password: 696969
  • regkey_hkcu: HKCU
  • regkey_hklm: HKLM

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Cybergate family

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
