Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    files.cab

  • Size

    3.6MB

  • Sample

    240207-xcwydsgh5y

  • MD5

    9e1703f962e0783e4554f48e0ff47fa6

  • SHA1

    e451d50985eacf7b716870e0062f062003f327b5

  • SHA256

    255c0904241488153c4ee4f07bfbf5f8e8165aa32b73a8f5eb58c65dabf6fdec

  • SHA512

    09ee93e2dc06c046af86d7923b8b3f7884226f16b652e240a710945831b421993ad6abbd282be959329e8a3546fa1fa6eff964e81e76067b1e734d440fcff45d

  • SSDEEP

    49152:Q9qhCxzT+WKjSXNJzLVI42Hdd8PWokdCvmmmmmmmmE/5vfH2xexG8JN6DB/:QCQNVLe5HXSW55vfHkexGsQ

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

strongdomainsercgerhhost.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    443

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    VMKaaNDw

  • minimum_disk

    70

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    admin888

Targets

    • Target

      iTunesHelper.exe

    • Size

      358KB

    • MD5

      ed6a1c72a75dee15a6fa75873cd64975

    • SHA1

      67a15ca72e3156f8be6c46391e184087e47f4a0d

    • SHA256

      0d8878cca08903777888b3681f90e4a07c7aef7d9600a67dfa985844d4bf5eda

    • SHA512

      256c2ebfeb42c2d3340d8bb423ef0ae48d5fb9fe5ca09c363595f51a03007482b67a777e4cae7a8194f69bc3a3fbcdb9abb5c9f92097925272431bb9d50f5c03

    • SSDEEP

      6144:TjZtNtzxEFQVLEhZbblN4W6ZDNFfEai23+FM2+zIv+98vS:ZRxMQLEhZXybF8Ut4o8a

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Darkgate family

    • Detect DarkGate stealer

    • Command and Scripting Interpreter: AutoIT

      Using AutoIT for possible automate script.

MITRE ATT&CK Enterprise v15

Tasks