Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
37s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
11/10/2023, 09:20
General
-
Target
DarkGateUnpacked.exe
-
Size
481KB
-
MD5
83037a444567a6d47b6221288cdad4e9
-
SHA1
7cf2487dc111a590f9db5c041f9f3ad84622e044
-
SHA256
6750f31ef5e1fe74c1121b0ab1308f93e09505a63322b6ce16fe04099ce8993e
-
SHA512
15cce4f2c4e12c0e71a5fbbeb7c9074b3648a5adf50afeb4df5d57ab6dfd1a8a29a3a9d09dbfa71d8cc3aa46e4be7e99493872a88480639b4d1442ad559bcfd6
-
SSDEEP
12288:73wfF2uWIOyAxbhWyElk3Xb8ruWqW3GMRIYQIpePqnu5/9aJCE:7S2uWyAXWyElwL8rjv3qYdpeP+u581
Score
10/10
Malware Config
Extracted
Family
darkgate
Botnet
AA11
C2
http://94.228.169.143
Attributes
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
false
-
c2_port
2351
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
true
-
crypter_dll
false
-
crypter_rawstub
false
-
crypto_key
YZlHPyuiLOFTOL
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
AA11
Signatures
-
DarkGate
DarkGate is an infostealer written in C++.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes
-
C:\Users\Admin\AppData\Local\Temp\DarkGateUnpacked.exe"C:\Users\Admin\AppData\Local\Temp\DarkGateUnpacked.exe"1⤵
- Checks processor information in registry
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
512KB