General
Target: ACH-8503-15March.xlsx
Size: 48KB
Sample: 240315-tw4kssda4z
MD5: f26561f2e03be889c91d12fdd4c2efaf
SHA1: bc37513e228202b086bfa4a956c919eaf76b7223
SHA256: 4ae1c188272b686bf076356fc9bf3a1964201c5848609991412be5e02a99fdc9
SHA512: 5cc1c38a4ff5374aca259d6fb40aeac39ac4fe588d62a92c23eaa92e6c89d94830c95fbff145dbc6108e1e55b41cb38024beba8f0eb4d48360641ea4c8be46db
SSDEEP: 768:ZFlppbq6i4Y/TJC4xJMxXcvFLwAPq4Sxv9PvEgzegYN1T/N:tLq94YV7JMxXyd4x+gzexTl
Static task
static1
Malware Config
Extracted
darkgate
admin888
diveupdown.com
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: VfiPBBhr
minimum_disk: 50
minimum_ram: 4000
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin888
Targets
Target: ACH-8503-15March.xlsx
Size: 48KB
Detect DarkGate stealer
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Executes dropped EXE