Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

1.7z

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.7z

  • Size

    1.9MB

  • Sample

    230828-zp22aaah9s

  • MD5

    449fe8c8503ecfb77666a1a5497c8349

  • SHA1

    c037ccffe803333e0842c6d9474de91ab680838c

  • SHA256

    65370c73c41aa4d1f0e222eba60fc177fd3ecfc90376dfb3400dadf4e016831b

  • SHA512

    7df0436aac9e6e31a77e48d821a270d47b9ae83202b1ae0a6203f3a2d873a92e51656b813d960260f27f5b92accc66d99bcc5dfe5f3677d4dee068874ae311b3

  • SSDEEP

    49152:6Vx9Sv1StVUt6Sflxtz5xjnZcP9dZdE7U+YbBqcNURDGm/rxk6:dgzUt6W9z+9fdEA+o06Urr3

Score
10/10
darkgatestealer

Malware Config

Extracted

Family

darkgate

C2

http://179.60.149.

http://80.66.88.14

http://107.181.161.20

Targets

    • Target

      1.7z

    • Size

      1.9MB

    • MD5

      449fe8c8503ecfb77666a1a5497c8349

    • SHA1

      c037ccffe803333e0842c6d9474de91ab680838c

    • SHA256

      65370c73c41aa4d1f0e222eba60fc177fd3ecfc90376dfb3400dadf4e016831b

    • SHA512

      7df0436aac9e6e31a77e48d821a270d47b9ae83202b1ae0a6203f3a2d873a92e51656b813d960260f27f5b92accc66d99bcc5dfe5f3677d4dee068874ae311b3

    • SSDEEP

      49152:6Vx9Sv1StVUt6Sflxtz5xjnZcP9dZdE7U+YbBqcNURDGm/rxk6:dgzUt6W9z+9fdEA+o06Urr3

    Score
    10/10
    darkgatestealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks