General

  • Target

    JaffaCakes118_911d9491e25b440af867bf067f480f3e

  • Size

    343KB

  • Sample

    250117-txl25swpbp

  • MD5

    911d9491e25b440af867bf067f480f3e

  • SHA1

    6ac3143da1b02b648fc7e0c709c8ea347b032e6e

  • SHA256

    75ce20735b520ba56eb60eecd826e00a8dbef26c289f8e2186c7c7b48e933450

  • SHA512

    19c8bdeae48ba40b9f7ebcf29c9d9648ed1adb649d375fb9fede23aeecf1472e7dd27b2c5b653e76d12362bf4b5c39f1821428a1f4056964fc00a39fbae279e8

  • SSDEEP

    6144:4sBlY9yU2WkumJcjobRg1c3WJYsPf32sYxUBowHG:ZUhJfjoQKon3z4UPHG

Malware Config

Extracted

Family

cybergate

Version

v1.05.1

Botnet

remote

C2

127.0.0.1:999

Mutex

G8XJ3APBKGE7S7

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    false

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    cybergate

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Cybergate family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks