General
-
Target
7adff3b753b86dd76bf901eaf1fd0ab5.bin
-
Size
65KB
-
Sample
231105-cs5v1sbf56
-
MD5
dc6e0f22b6eec05cc3840674563efff1
-
SHA1
ec380671eb8d803d9d329ed59d48eb5ec3215e22
-
SHA256
9e79be50cd52e5d2595658a2a92db70ed6ebd22b22343063180dd9914695d2f8
-
SHA512
4902870abcc42cf76ebb8699f3073f4baa98f9287cda9ec7a4e40b4f12109efb14d1946c0c124973c0e7c2466f96a4514b06fd4f3fa5d808ed5e9a8915961c4d
-
SSDEEP
1536:bFht7VwDv8qbHQ09H+W+rjcKQr/Tq0lVSHtvKbkNhpP3qUq6VBFSk2:bFht7yD0Xs+WsQqE6KbEX3JbFSk2
Static task
static1
Behavioral task
behavioral1
Sample
GGGGGElicnse.js
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
GGGGGElicnse.js
Resource
win10v2004-20231020-en
Malware Config
Extracted
darkgate
user_871236672
http://showmoreresultonliner.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
DDfcMjFaEKfNOW
-
internal_mutex
txtMut
-
minimum_disk
60
-
minimum_ram
6000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
GGGGGElicnse.js
-
Size
253KB
-
MD5
bb897b6af926de14bba7e9752318061a
-
SHA1
2dbd55f9cedb96553a18cb863e27b8d608cce40c
-
SHA256
ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f
-
SHA512
9c0e544f9748339b1c6e480468f8d8fde1601ba9c2bf9c17c1d5858f640dc197ebd2dc93a78f3cb525f7bc8887ba45eb678e2dbbd52a3f9dbd65ae543672d09b
-
SSDEEP
6144:de7hgXeerjqlI2Iro+W8Bne7hgXeerjqlI2Iro+8:dIhgSlI23J8pIhgSlI23V
Score 10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-