
General

  • Target

    JaffaCakes118_db4489c3a14f61dbd6c72f9f07d0ace1

  • Size

    484KB

  • Sample

    250120-ehjwxazqfk

  • MD5

    db4489c3a14f61dbd6c72f9f07d0ace1

  • SHA1

    7f8e6c096fa8039b8532928f2276a5b019722724

  • SHA256

    2eba27da6360056c02be100d686f7828a2320e6c38bfae483b160919f0b367d5

  • SHA512

    7d84d41d3afb0016a64f765ac23db03bdb329442bf1f4bf81b5d1e5a59267c8f22f6cf2daa829f0449135931a64435e4ec752d9d33ed117c37b41b12b31c0a69

  • SSDEEP

    12288:fKS1m3MwkqKwojlmsagDgkiCxmm6pjlnE4Ids:fKS19gojlogDgTm6pjlnGs

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

????????

C2

eto.no-ip.biz:84

Mutex

***MUTEX*** (the CyberGate builder's default mutex name, left unchanged by the operator)

Attributes
  • enable_keylogger

    false

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    svchost.exe

  • install_dir

    svchost.exe

  • install_file

    svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

texto da mensagem (Portuguese, "message text"; unused placeholder since enable_message_box is false)

  • message_box_title

título da mensagem (Portuguese, "message title"; unused placeholder since enable_message_box is false)

  • password

    123456

  • regkey_hkcu

    svchost.exe

  • regkey_hklm

    svchost.exe

Targets

    • Target

      JaffaCakes118_db4489c3a14f61dbd6c72f9f07d0ace1

    • CyberGate, Rebhip

      CyberGate (detected by several vendors as Rebhip) is a Delphi remote access trojan of the Spy-Net lineage. Its builder markets it as a "remote administration tool", but the build seen here is configured for covert control: remote shell, file and process management, keylogging (disabled in this config) and injection into a system process.

    • Cybergate family

    • Adds policy Run key to start application (Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run; the config's regkey_hkcu / regkey_hklm value name is svchost.exe)

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under Software\Microsoft\Active Setup\Installed Components; the StubPath of such a component is executed once per user at the next logon.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext (consistent with process hollowing; the config names svchost.exe as the injected_process)

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
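The persistence signatures above (Run key, policy Run key, Active Setup StubPath) all point a value named svchost.exe at a dropped copy of svchost.exe living in a directory that is itself named svchost.exe (install_dir and install_file in the config). The following Python is an added example, not part of the tria.ge report or of CyberGate, that audits a `reg export`-style dump for exactly that masquerade: any autostart entry whose image is svchost.exe outside System32/SysWOW64, or whose parent directory is named like an executable. The sample export, the install path C:\Windows\svchost.exe\svchost.exe and the Active Setup GUIDs are constructed; the report gives only the directory and file name, not the base directory.

```python
"""Audit Windows autorun registry locations for svchost.exe masquerades.

Added example, not from the tria.ge report. Parses a `reg export`-style dump
and flags autorun entries that launch svchost.exe from outside the system
directories or from a directory that is itself named like an executable.
All sample data is constructed; install path and GUIDs are assumptions.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Autostart locations named in the report's signatures (Run, policy Run,
# Active Setup); matched as case-insensitive substrings of the key path.
AUTORUN_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"Software\Microsoft\Active Setup\Installed Components",
)
# The only directories a genuine svchost.exe should ever run from.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample export: two benign entries and three masquerades that
# mirror install_dir=install_file=svchost.exe (base directory is assumed).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"svchost.exe"="C:\\Windows\\svchost.exe\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"svchost.exe"="C:\\Windows\\svchost.exe\\svchost.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Windows\\svchost.exe\\svchost.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{66666666-7777-8888-9999-000000000000}]
"StubPath"="%SystemRoot%\\system32\\regsvr32.exe /s /n /i:U shell32.dll"
"""

_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


@dataclass
class Finding:
    key: str
    name: str
    image: str
    reasons: Tuple[str, ...]


def _unescape(data: str) -> str:
    """Undo reg export escaping: doubled backslashes and escaped quotes."""
    return data.replace("\\\\", "\\").replace('\\"', '"')


def extract_image_path(cmdline: str) -> str:
    """Executable path from a command line: quoted paths verbatim, unquoted
    ones joined token by token up to the first token ending in .exe."""
    cmd = cmdline.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split(" ")
    for i, tok in enumerate(parts):
        if tok.lower().endswith(".exe"):
            return " ".join(parts[: i + 1])
    return parts[0]


def _normalize_dir(directory: str) -> str:
    # Lower-case and expand the usual root variables (default Windows dir assumed).
    d = directory.lower().rstrip("\\")
    return d.replace("%systemroot%", r"c:\windows").replace("%windir%", r"c:\windows")


def iter_values(export_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (key, value_name, unescaped_data) for every REG_SZ line."""
    key = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_RE.match(line)
        if key and m:
            yield key, m.group("name"), _unescape(m.group("data"))


def audit(export_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for key, name, data in iter_values(export_text):
        if not any(a.lower() in key.lower() for a in AUTORUN_KEYS):
            continue  # not one of the autostart locations we care about
        image = extract_image_path(data)
        directory, base = ntpath.split(image)
        reasons = []
        if base.lower() == "svchost.exe" and _normalize_dir(directory) not in LEGIT_SVCHOST_DIRS:
            reasons.append("svchost.exe launched from outside System32/SysWOW64")
        if ntpath.basename(directory).lower().endswith(".exe"):
            reasons.append("parent directory is named like an executable")
        if reasons:
            findings.append(Finding(key, name, image, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print(f"{f.key}\\{f.name} -> {f.image}: {'; '.join(f.reasons)}")
```

On a live host the same logic applies to the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the other two keys); REG_EXPAND_SZ values appear as `hex(2):` in a real export and would need decoding before this parser sees them. The two checks are independent on purpose: a renamed payload would defeat the svchost.exe name check, while the ".exe-named directory" check still catches the install_dir trick.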

MITRE ATT&CK Enterprise v15