General

  • Target

    JaffaCakes118_e70cc662a450e904830d68f18e3c6bb7

  • Size

    757KB

  • Sample

    250120-pkw95ayncy

  • MD5

    e70cc662a450e904830d68f18e3c6bb7

  • SHA1

    93d6bdb1f4def28756fd9f828bdf87e651fd3007

  • SHA256

    1c6b1713a4ed328261ec5fc711d837f7f4f463fed7229c583f994c273c919bc1

  • SHA512

    0c592e2470e8f6f2a2d87257faadd7ed39c6fd3b5e1983a38bf4187dde9e350e1a74a1bf77a84c708b764bb6f14770c384897b35e916754ef630355e05da6a3b

  • SSDEEP

    12288:52YLSal/iPX0lUkjhvdRqL8xn6eztJ28GcJJFWXWrP0P9M8OKnQ9BTGxGx:jSal/HNvdsaltJYuJFWXWrPWBnQ3TGxE

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

gmail.no-ip.org

C2

127.0.0.1:81

gmail.no-ip.org:81

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    salsabil

  • regkey_hklm

    HKLM

Targets

    • Target

      JaffaCakes118_e70cc662a450e904830d68f18e3c6bb7

    • Size

      757KB

    • MD5

      e70cc662a450e904830d68f18e3c6bb7

    • SHA1

      93d6bdb1f4def28756fd9f828bdf87e651fd3007

    • SHA256

      1c6b1713a4ed328261ec5fc711d837f7f4f463fed7229c583f994c273c919bc1

    • SHA512

      0c592e2470e8f6f2a2d87257faadd7ed39c6fd3b5e1983a38bf4187dde9e350e1a74a1bf77a84c708b764bb6f14770c384897b35e916754ef630355e05da6a3b

    • SSDEEP

      12288:52YLSal/iPX0lUkjhvdRqL8xn6eztJ28GcJJFWXWrP0P9M8OKnQ9BTGxGx:jSal/HNvdsaltJYuJFWXWrPWBnQ3TGxE

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Cybergate family

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks