General

  • Target

    009029201_Alu Payment DUE Outstanding.exe

  • Size

    911KB

  • Sample

    230922-g67zraea6s

  • MD5

    6a796148a25bea3bec318ff96b9f6675

  • SHA1

    3ef1b848f0b21feb225430f2f8609c3b12ed1339

  • SHA256

    0ef8690ac5fbda00640852fe323d69dcc7df51d9a367070500d37529148a37df

  • SHA512

    482336dc1ad64e909951187427d4c62c1dbcfb807d08f0413e6e2134624ba9e82b17b6b8164a2785427b9d30993a48296d38869b5277d62e8cda2c817f6bffba

  • SSDEEP

    24576:+3jC+JA7QnoFGkqGsmzJqUfefRdxE/6vk:8m+7nooGsmzJqmepdi/6v

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5637864859:AAHatMmLjO3i5zaPb5Ppy5_wDiRtKwQUbSU/sendMessage?chat_id=5990783030

Targets

    • Target

      009029201_Alu Payment DUE Outstanding.exe

    • Size

      911KB

    • MD5

      6a796148a25bea3bec318ff96b9f6675

    • SHA1

      3ef1b848f0b21feb225430f2f8609c3b12ed1339

    • SHA256

      0ef8690ac5fbda00640852fe323d69dcc7df51d9a367070500d37529148a37df

    • SHA512

      482336dc1ad64e909951187427d4c62c1dbcfb807d08f0413e6e2134624ba9e82b17b6b8164a2785427b9d30993a48296d38869b5277d62e8cda2c817f6bffba

    • SSDEEP

      24576:+3jC+JA7QnoFGkqGsmzJqUfefRdxE/6vk:8m+7nooGsmzJqmepdi/6v

    Score
    10/10

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks