Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8fb6d066b1cfe9e7f97a62410d0c9b3e42bc8980bec7254bb470b2bc01e148d9.exe
-
Size
729KB
-
Sample
250311-emywma1whx
-
MD5
98f37b55bc2ae96024a8cb8314d6e653
-
SHA1
07ba58f1f7fb475377ea30413831977187ec612e
-
SHA256
8fb6d066b1cfe9e7f97a62410d0c9b3e42bc8980bec7254bb470b2bc01e148d9
-
SHA512
f6369fb6954ddc0ccf1fad132a011a5d3bce71cc1417d8394618eabdefa0c5e5650100ab74d9c82f761d94c7bb5cdb49436a2c4d5a1e069d6061b47cf7dd5a14
-
SSDEEP
12288:CquErHF6xC9D6DmR1J98w4oknqOOCyQfxXPp6wRr85P3DRZmI9SrIhnqe4DXc8Xj:Hrl6kD68JmlotQf/Rr8AwKDT
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
-
-
Target
8fb6d066b1cfe9e7f97a62410d0c9b3e42bc8980bec7254bb470b2bc01e148d9.exe
-
Size
729KB
-
MD5
98f37b55bc2ae96024a8cb8314d6e653
-
SHA1
07ba58f1f7fb475377ea30413831977187ec612e
-
SHA256
8fb6d066b1cfe9e7f97a62410d0c9b3e42bc8980bec7254bb470b2bc01e148d9
-
SHA512
f6369fb6954ddc0ccf1fad132a011a5d3bce71cc1417d8394618eabdefa0c5e5650100ab74d9c82f761d94c7bb5cdb49436a2c4d5a1e069d6061b47cf7dd5a14
-
SSDEEP
12288:CquErHF6xC9D6DmR1J98w4oknqOOCyQfxXPp6wRr85P3DRZmI9SrIhnqe4DXc8Xj:Hrl6kD68JmlotQf/Rr8AwKDT
Score10/10-
DarkCloud
An information stealer written in Visual Basic.
-
Darkcloud family
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-