Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
05042024_0242_Tax_Document_23.zip
-
Size
1.1MB
-
Sample
240404-xcskzafa7z
-
MD5
5daed7551ef99616e2756e51b113f685
-
SHA1
e0be374bb3d14c047cb9e5568401258ac2b17fe2
-
SHA256
f515492977637fd5604c5fc46a64fdde688d12ac9a3850991d88b7d10803cbc5
-
SHA512
54afd1537eef93c3465bd0892c1eed81de1bb77a28adc819ba3b6193839fe291c9c1082ca2ac5efcb16bc6bf5330ce1d76684ca10359dda943a8f8bdfc1b1f91
-
SSDEEP
24576:iyLCY0qQ7Yny5BcNcSoj4jCKEnVAUdmLEvhmJIo:iyTBQUnkBcAjJV1t4
Static task
static1
Behavioral task
behavioral1
Sample
Tax_Document_23/IVIEWERS.dll
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
Tax_Document_23/IVIEWERS.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Tax_Document_23/Tax_Document.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Tax_Document_23/Tax_Document.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
darkgate
seal1
193.142.146.203
-
anti_analysis
false
-
anti_debug
false
-
anti_vm
false
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
AVUHIwtf
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
false
-
username
seal1
Targets
-
-
Target
Tax_Document_23/IVIEWERS.dll
-
Size
2.2MB
-
MD5
6fa5ccb9fd4c3ff6d0c98fd22789085a
-
SHA1
d0134291f882df3ab8742e89aad45abdd5a503a1
-
SHA256
c12db3f77c4c7d51863e7b7453ecb92145214673774724e8e07c988410d646ed
-
SHA512
6d3382b74eeb0c983c3d8438549b27bd014360a7b002e7e9e25c8eecb7ac418c5975c5a8b37fc16ca8e425f1b90aa4c22b6b6d6500e4d6ebcdee7e9bfd7fd0e0
-
SSDEEP
24576:zPIcwYtNeFBVgPFCrqiWESjoXSTPFU5gG2wjIYAFvvcFd7gQ/8BdGhhg8x2IeYSn:3tNyBVsC9zCFSdS/YBUvqQyK
Score10/10-
Detect DarkGate stealer
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
-
-
Target
Tax_Document_23/Tax_Document.exe
-
Size
186KB
-
MD5
df33c821c06835a1349cbe3b0c65f24c
-
SHA1
5ddbb84801115d8e495b14c3963f6b174b5801f2
-
SHA256
0263663c5375289fa2550d0cff3553dfc160a767e718a9c38efc0da3d7a4b626
-
SHA512
13a9eff075b12b6ef398e103eda806ceed737665d35955c8882defd63ef0c9e25ecfe856ebf5560cbb61a02821ddcf9993290138fa8cdb0150ebbe0b7a1e6195
-
SSDEEP
3072:IUiDZK+VBulx0QtCggULGWtf5Ju+uaxObQPEoSlpcm8Cy/V:wZjz2NqWtfHduaxOEPJAcmgV
Score10/10-
Detect DarkGate stealer
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-