Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_911d9491e25b440af867bf067f480f3e
-
Size
343KB
-
Sample
250117-txl25swpbp
-
MD5
911d9491e25b440af867bf067f480f3e
-
SHA1
6ac3143da1b02b648fc7e0c709c8ea347b032e6e
-
SHA256
75ce20735b520ba56eb60eecd826e00a8dbef26c289f8e2186c7c7b48e933450
-
SHA512
19c8bdeae48ba40b9f7ebcf29c9d9648ed1adb649d375fb9fede23aeecf1472e7dd27b2c5b653e76d12362bf4b5c39f1821428a1f4056964fc00a39fbae279e8
-
SSDEEP
6144:4sBlY9yU2WkumJcjobRg1c3WJYsPf32sYxUBowHG:ZUhJfjoQKon3z4UPHG
Malware Config
Extracted
cybergate
v1.05.1
remote
127.0.0.1:999
G8XJ3APBKGE7S7
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
cybergate
Targets
-
-
Target
JaffaCakes118_911d9491e25b440af867bf067f480f3e
-
Size
343KB
-
MD5
911d9491e25b440af867bf067f480f3e
-
SHA1
6ac3143da1b02b648fc7e0c709c8ea347b032e6e
-
SHA256
75ce20735b520ba56eb60eecd826e00a8dbef26c289f8e2186c7c7b48e933450
-
SHA512
19c8bdeae48ba40b9f7ebcf29c9d9648ed1adb649d375fb9fede23aeecf1472e7dd27b2c5b653e76d12362bf4b5c39f1821428a1f4056964fc00a39fbae279e8
-
SSDEEP
6144:4sBlY9yU2WkumJcjobRg1c3WJYsPf32sYxUBowHG:ZUhJfjoQKon3z4UPHG
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Cybergate family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-