Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/10/2023, 15:26 UTC

General

  • Target

    26102023_2326_drkgate_data2.exe

  • Size

    405KB

  • MD5

    2c48c5f619dd7ad5b6d4c36f56489a66

  • SHA1

    661371c42e8aec0364a46210706cab150e42ede4

  • SHA256

    14ed8ae1a9d44a500f57fa0273162907c05e31d8da92c474944bbd74f55d19b1

  • SHA512

    62f28bb6ce33ef5598587819f5ec56ccccf138eef7b3e2d165ac9a0aa3c11da1b5e3f457ebdb05690e3d052961630876552f61e2bbfdb89533d0ba7b3327ae00

  • SSDEEP

    6144:V5UTExW+vRaLjH5XVEqVomFDXfRhnJWoS1gAlCWZ44w:jUTExWnLjH5XVEqVvvnJWoSiAlTZ4

Malware Config

Extracted

Family

darkgate

Botnet

user_871236672

C2

http://hadfadf87yuadfad.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    2351

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    true

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    CbTWFsAhFuOWYT

  • internal_mutex

    txtMut

  • minimum_disk

    40

  • minimum_ram

    7000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    user_871236672

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\26102023_2326_drkgate_data2.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\26102023_2326_drkgate_data2.exe"
    PID: 2168
    • Checks processor information in registry

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2168-0-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB
