Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    SecuriteInfo.com.Win32.TrojanX-gen.29310.32138.exe

  • Size

    1.6MB

  • Sample

    230504-xal1eaed78

  • MD5

    3d1072986b88dc6184e40ba0df6acfc2

  • SHA1

    3dced4443af3c9591c948c827ac5b02bd0d31029

  • SHA256

    8992b94e147a940a1da05b11631e28202c50840902fa372690485b49c415e4b5

  • SHA512

    6b072f7e1b617a1426faeffdc14b80259f2601f29f5df65953694917cfa9611379976424ec37ffe3d139f5abd1bff02146d968f6a47d96d57ab4de1bb32a626b

  • SSDEEP

    24576:rPKokfY5HGAg4y2oLeeHlQFwSohxt3jIwYg94ZIgUZ8K5BEuww4sXpA5jp9DTS2I:LZWY5mz4yJSfu/9IwYgeJuw7sX0jpd

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046

Targets

    • Target

      SecuriteInfo.com.Win32.TrojanX-gen.29310.32138.exe

    • Size

      1.6MB

    • MD5

      3d1072986b88dc6184e40ba0df6acfc2

    • SHA1

      3dced4443af3c9591c948c827ac5b02bd0d31029

    • SHA256

      8992b94e147a940a1da05b11631e28202c50840902fa372690485b49c415e4b5

    • SHA512

      6b072f7e1b617a1426faeffdc14b80259f2601f29f5df65953694917cfa9611379976424ec37ffe3d139f5abd1bff02146d968f6a47d96d57ab4de1bb32a626b

    • SSDEEP

      24576:rPKokfY5HGAg4y2oLeeHlQFwSohxt3jIwYg94ZIgUZ8K5BEuww4sXpA5jp9DTS2I:LZWY5mz4yJSfu/9IwYgeJuw7sX0jpd

    • DarkCloud

      An information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks