General

  • Target

    7adff3b753b86dd76bf901eaf1fd0ab5.bin

  • Size

    65KB

  • Sample

    231105-cs5v1sbf56

  • MD5

    dc6e0f22b6eec05cc3840674563efff1

  • SHA1

    ec380671eb8d803d9d329ed59d48eb5ec3215e22

  • SHA256

    9e79be50cd52e5d2595658a2a92db70ed6ebd22b22343063180dd9914695d2f8

  • SHA512

    4902870abcc42cf76ebb8699f3073f4baa98f9287cda9ec7a4e40b4f12109efb14d1946c0c124973c0e7c2466f96a4514b06fd4f3fa5d808ed5e9a8915961c4d

  • SSDEEP

    1536:bFht7VwDv8qbHQ09H+W+rjcKQr/Tq0lVSHtvKbkNhpP3qUq6VBFSk2:bFht7yD0Xs+WsQqE6KbEX3JbFSk2

Malware Config

Extracted

Family

darkgate

Botnet

user_871236672

C2

http://showmoreresultonliner.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    2351

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    DDfcMjFaEKfNOW

  • internal_mutex

    txtMut

  • minimum_disk

    60

  • minimum_ram

    6000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    user_871236672

Targets

    • Target

      GGGGGElicnse.js

    • Size

      253KB

    • MD5

      bb897b6af926de14bba7e9752318061a

    • SHA1

      2dbd55f9cedb96553a18cb863e27b8d608cce40c

    • SHA256

      ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f

    • SHA512

      9c0e544f9748339b1c6e480468f8d8fde1601ba9c2bf9c17c1d5858f640dc197ebd2dc93a78f3cb525f7bc8887ba45eb678e2dbbd52a3f9dbd65ae543672d09b

    • SSDEEP

      6144:de7hgXeerjqlI2Iro+W8Bne7hgXeerjqlI2Iro+8:dIhgSlI23J8pIhgSlI23V

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks