General

  • Target

    a4e306de360dd28b8d54760139d3b4b9fe5448d6c906ea3ff3bc54b3ab97ea27.exe

  • Size

    765KB

  • Sample

    241018-cv1n3s1enh

  • MD5

    01af6ceeff2d2c69112366e4e31343de

  • SHA1

    4eb1e750d996fce10aa04d5fd158a2345609df6a

  • SHA256

    a4e306de360dd28b8d54760139d3b4b9fe5448d6c906ea3ff3bc54b3ab97ea27

  • SHA512

    80bc5ed358722dfee1bab90ba8eb31802104af7d1052e67f69eb9b47587a2652a5d67f6318ca2323de070d043db10789a461ed8af26b7e85304d53f7346a2075

  • SSDEEP

    12288:X1RveBYT43abOCbQaRsydeRhM2I+OEufeLXAtikRw9Jz5fxSd4+zOcOmA4Fn9BOv:X1RWBYIabOCbQaRsWeRhM2HOne6vWPN

Malware Config

Extracted

  • Family

    darkcloud

  • C2

    https://api.telegram.org/bot8171626722:AAGIo9PvRpFrmWwamfv0SMURLy1PCYFG9a8/sendMessage?chat_id=6542615755

Targets

    • Target

      a4e306de360dd28b8d54760139d3b4b9fe5448d6c906ea3ff3bc54b3ab97ea27.exe

    • Size

      765KB

    • MD5

      01af6ceeff2d2c69112366e4e31343de

    • SHA1

      4eb1e750d996fce10aa04d5fd158a2345609df6a

    • SHA256

      a4e306de360dd28b8d54760139d3b4b9fe5448d6c906ea3ff3bc54b3ab97ea27

    • SHA512

      80bc5ed358722dfee1bab90ba8eb31802104af7d1052e67f69eb9b47587a2652a5d67f6318ca2323de070d043db10789a461ed8af26b7e85304d53f7346a2075

    • SSDEEP

      12288:X1RveBYT43abOCbQaRsydeRhM2I+OEufeLXAtikRw9Jz5fxSd4+zOcOmA4Fn9BOv:X1RWBYIabOCbQaRsWeRhM2HOne6vWPN

    • DarkCloud

      An information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext