Extracted

• • Target

    ais_binded_moderate_halt_vm_enabled_2840.msi

  • Size

    23.8MB

  • MD5

    a3ae369339bf6213f0015ce0cfe4c5ee

  • SHA1

    20c4e81820d31cde4bdc1a345bca3f1f5bf6706a

  • SHA256

    8c4fa2e64e0bd3b3e162e6f74fab12efdb30df68db69c12506038c54ed601580

  • SHA512

    ac6e3e051c77b32ee2461318ec8427ffa97fa443c5a13f31fb584e21c2637d6afe89beef962340c1bc3d17b1f3841eeaaf27d0ed83b6eaf84b9a6444d1bebe13

  • SSDEEP

    393216:nSkbejTCxIAOo9YJi4A8oJSjbXRHodGkWrZH6RjYqLZyh7gJQ104h2j3cLFZN0c:zbe6+A59YAcXRy7W9IMJ7gJ2HmKH

  Score

  10^/10

  darkgatediscoverystealer

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2