General

  • Target

    Payment Slip.zip

  • Size

    322KB

  • Sample

    230721-he886scd44

  • MD5

    2d84ab343d6a81a23fdafd58d6af61cf

  • SHA1

    c42098dbe353d4147a12394b86977edf5d8e9314

  • SHA256

    9e4411dbb164a26bb03294a5911441ff0aa25a97fc1f961f0b6d1795cdff4971

  • SHA512

    a1db5d25f0ad37779b27c51908df0f6ceb42c1ac8e78deb1830c815a18a938ebae3798b3b4b17aaa47ab6e3ec8d74fbac449548fb7943be5394660db95ec8f2c

  • SSDEEP

    6144:DpU8PL885f3KY0vH4i09ivkFiUqu/WHDQ2VtpJhKGEf:5PL885f6hvYi0kkFiUteHM2LFAf

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      Payment Slip.exe

    • Size

      336KB

    • MD5

      66cc22ed167cdaef60b10efd54949ff6

    • SHA1

      bbe7a39f01333346c8e3bcfbf73e4c484a3bc2cd

    • SHA256

      78fbd42e5b8ac36090e1765cb86e573a4d8f2c3e1b6339c3e081343e74967943

    • SHA512

      57c4c110a59c104af9ddee66d75a62330d985d83d604f3131920449265a9e2f2b5aa36f34da1b8fb86fe3875c254e27bfb87f51f32bc699ec465db4d1786640e

    • SSDEEP

      6144:/Ya6D86Y0vp4i0viRcFiU+0/WHT22FtdJ9KGTV:/YpThvOi0OcFiUdeHa27dXV

    • DarkCloud

      An information stealer written in Visual Basic.

    • Loads dropped DLL

      A DLL written to disk during the run is subsequently loaded by a process.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it (typically recognisable from the UPX0/UPX1 section names).

    • Adds Run key to start application

      A value is written under a CurrentVersion\Run registry key so the executable is launched again at logon (persistence).

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is a common step in process hollowing and other code-injection techniques.

MITRE ATT&CK Enterprise v15

Tasks