General

  • Target

    payload.bin

  • Size

    5.3MB

  • Sample

    250304-s1nvgatrz4

  • MD5

    6b4aeac02cbb4faa6480dab8daaebcd6

  • SHA1

    a8989792d47e6cd40290e46062d7584e86b093db

  • SHA256

    9558ddfc6a51ec3bd77070a9f23109c9028b9143bdf75f3b65b90160867d5d9f

  • SHA512

    1e49896d18c3d698ecb47329bab616c888447af00c093fc6d734051ab08ed5f4b2cec083c31f0e1251d22393c1ed6e36e500dee945b9bda690086e94b1ee833b

  • SSDEEP

    49152:tR/KpmZebPf2S8W2ILeWl+C1p9jWy5Snd0eigXe9Mn:T/jdYLP1Sy5E0bO

Malware Config

Extracted

Family

darkgate

Botnet

traf777

C2

144.202.85.30

Attributes

  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    MZSkIYQY

  • minimum_disk

    100

  • minimum_ram

    1096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    false

  • username

    traf777

Targets

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Darkgate family

    • Detect DarkGate stealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
