General

  • Target

    05042024_0242_Tax_Document.zip

  • Size

    1.3MB

  • Sample

    240404-xcdf2sfa6x

  • MD5

    268e1927c0b44ab25b8b1ee361dfa0ce

  • SHA1

    21082b0b99a0a19313f11d09eed3a7b430d39125

  • SHA256

    695447796ff245ab4531d092f4cb566e79e1aafd9b5c28f606059fdeafbbe6b6

  • SHA512

    8232c923930e2d6eb51cad4b87af1837a8f93f8676d2ad957eb84aac55c10c7f3240b69f66c20168bb583df0ee2759fd0f4d0303446d20e2b04d2791d53c6833

  • SSDEEP

    24576:drS/FQQzGKHP6zFmsp2anGjYq5tovAFswx+7G2RabHaaMh4:da7yKvkmsetov0WGvj2h4

Score
10/10

Malware Config

Extracted

Family

darkgate

Botnet

seal1

C2

193.142.146.203

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    AVUHIwtf

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    false

  • username

    seal1

Targets

    • Target

      Tax_Document/IVIEWERS.dll

    • Size

      2.4MB

    • MD5

      cd8fff708a1a99a4d3b5bfec49ae278a

    • SHA1

      367050b2323952b52a11fcb55dd359e59637a884

    • SHA256

      cbf2ceb3c5ebc6f1d8c09f3098176ded9503800cba77cfefa25ea9e0a8085ae3

    • SHA512

      80485ca1ee306b2f9e6b18d747bfc148c3f69f98f58ade8d675babbabff20e4d387a3bb83e1ab05aff166a29df4eefeed8df989d2c8af339e68b4d365064eb68

    • SSDEEP

      49152:fLRISHEkoozx3u4+iTjaipEluOhYBUvqQENPvGzf:fLRZzx3nql1UUSQENPvE

    Score
    10/10
    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      Tax_Document/Tax_Document.exe

    • Size

      186KB

    • MD5

      df33c821c06835a1349cbe3b0c65f24c

    • SHA1

      5ddbb84801115d8e495b14c3963f6b174b5801f2

    • SHA256

      0263663c5375289fa2550d0cff3553dfc160a767e718a9c38efc0da3d7a4b626

    • SHA512

      13a9eff075b12b6ef398e103eda806ceed737665d35955c8882defd63ef0c9e25ecfe856ebf5560cbb61a02821ddcf9993290138fa8cdb0150ebbe0b7a1e6195

    • SSDEEP

      3072:IUiDZK+VBulx0QtCggULGWtf5Ju+uaxObQPEoSlpcm8Cy/V:wZjz2NqWtfHduaxOEPJAcmgV

    Score
    10/10
    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks