General
- Target: Agba.lnk
- Size: 1KB
- Sample: 240209-xcedcadf5t
- MD5: 93295fcc7a8a293691452752e7ee65c2
- SHA1: 9f62a604cb60916f378dcdae647aa2ebdd9a4d6c
- SHA256: 59fd27ae5232b13b560abee552f9cec716b00cd9ca4273b36a4ab714c6a01533
- SHA512: b20b01e4d9d878c6acf99051372a55bdc1a32239ed600964b42f40704d56a2c37b75f1b270c4c2b1fd005d82f96de68b4988f1706619c74881c32fa446421f21
Static task: static1
Behavioral task: behavioral1
- Sample: Agba.lnk
- Resource: win10v2004-20231215-en
Malware Config
- Extracted: http://172.86.101.170/chache
Targets
- Target: Agba.lnk (size and hashes as listed under General)
Score: 10/10
- Detect DarkGate stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext