cybergate | 6de5e69c368f730fc0e9634f84fdd0bd5645c72db8c2391711e523333105cbd1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

E48AE38CD6...E8.exe

windows7-x64

5

E48AE38CD6...E8.exe

windows10-2004-x64

5

Sharing

General

Target

E48AE38CD6A92A4C7891B96B8DC7D2E8.exe
Size

277KB
Sample

250315-xkkkbszyhy
MD5

e48ae38cd6a92a4c7891b96b8dc7d2e8
SHA1

64573e4b1af88ecec96bfd76786030ac37d2c9b2
SHA256

6de5e69c368f730fc0e9634f84fdd0bd5645c72db8c2391711e523333105cbd1
SHA512

ff1fdc304bf84675bdef7f57be60b2062b6d70d29cfe2db978f76e8f3b5ec05f928f0daaf6e82703479a8d650fcdeb1fb58731fcd497dd0b80464c8f4fd7aacd
SSDEEP

6144:XyuMwiLdfC2m7mrUsqWBn837FNldObO3k1jI:iuMwf2m77sZB07FxObO32M

Score

10^/10

cybergate remote discovery upx

Static task

static1

remote cybergate

2 signatures

Behavioral task

behavioral1

Sample

E48AE38CD6A92A4C7891B96B8DC7D2E8.exe

Resource

win7-20241023-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

E48AE38CD6A92A4C7891B96B8DC7D2E8.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

remote

C2

asade.no-ip.org:25565

Mutex

8IDQ0416AW42J8

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
systems
install_file
windows.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Îøèáêà ñïåêòðà îñâåùåííîñòè âåá-êàìåðû, îáíîâëåíèå íåâîçìîæíî.Êîìïüþòåð áóäåò ïåðåçàãðóæåí.
message_box_title
Îøèáêà!
password
cybergate
regkey_hkcu
system
regkey_hklm
svchost

Targets

- Target
  
  E48AE38CD6A92A4C7891B96B8DC7D2E8.exe
- Size
  
  277KB
- MD5
  
  e48ae38cd6a92a4c7891b96b8dc7d2e8
- SHA1
  
  64573e4b1af88ecec96bfd76786030ac37d2c9b2
- SHA256
  
  6de5e69c368f730fc0e9634f84fdd0bd5645c72db8c2391711e523333105cbd1
- SHA512
  
  ff1fdc304bf84675bdef7f57be60b2062b6d70d29cfe2db978f76e8f3b5ec05f928f0daaf6e82703479a8d650fcdeb1fb58731fcd497dd0b80464c8f4fd7aacd
- SSDEEP
  
  6144:XyuMwiLdfC2m7mrUsqWBn837FNldObO3k1jI:iuMwf2m77sZB07FxObO32M
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

remotecybergate

behavioral1

behavioral2

© 2018-2025

Terms | Privacy