General

  • Target: SecuriteInfo.com.Zum.Androm.1.24234.31952.exe
  • Size: 452KB
  • Sample: 230719-asbwtsfe3z
  • MD5: 29e2c66bc44a433d6da95086cae40800
  • SHA1: e41e56533dad36409b8f9d30e2bae8c22bba11c4
  • SHA256: d4dacbc0546a45d26b7b9d58836b7905a919155b4063825988500e70c739d1f3
  • SHA512: ec5a3913fd95f20d04b72d2eac55f71d0d54d63a21ccaece8768790833c48bdb78fd0120271c3fb59e0b335e50863dabb37d33cfd416b24a64def69238816685
  • SSDEEP: 12288:PYSahmsDnOhqRKHrJUovhWmtQNdVPfUgB1X3oNtHZyLHr:PYSahFDnOkRKLJUK6d9UgGALL

Malware Config

Extracted

Family: darkcloud

Attributes

Targets

    • Target: SecuriteInfo.com.Zum.Androm.1.24234.31952.exe
    • Size: 452KB
    • MD5: 29e2c66bc44a433d6da95086cae40800
    • SHA1: e41e56533dad36409b8f9d30e2bae8c22bba11c4
    • SHA256: d4dacbc0546a45d26b7b9d58836b7905a919155b4063825988500e70c739d1f3
    • SHA512: ec5a3913fd95f20d04b72d2eac55f71d0d54d63a21ccaece8768790833c48bdb78fd0120271c3fb59e0b335e50863dabb37d33cfd416b24a64def69238816685
    • SSDEEP: 12288:PYSahmsDnOhqRKHrJUovhWmtQNdVPfUgB1X3oNtHZyLHr:PYSahFDnOkRKLJUK6d9UgGALL
    • DarkCloud: An information stealer written in Visual Basic.
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks