General

  • Target

    98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f_JC.xll

  • Size

    50KB

  • Sample

    230924-qeptjafb3w

  • MD5

    8866d0e530cb613fde59c5476ea6c331

  • SHA1

    e77beeb201303b739a9c4536514e48adc2118900

  • SHA256

    98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f

  • SHA512

    73d157aec3d94767b1f5233617d148cb440dca8ba6381c2979f4c5265273294fefad380afa9b401df80fd9661eeae643fd23448c71a66e7ceb2e796a2a4156ea

  • SSDEEP

    1536:9lnq2U5JsS6Nh5wFXscKjrtN/5zqGyiNwmHWR03aY:9c9HQNh5wFXscKXHRzaiNnVqY

Score
10/10

Malware Config

Extracted

Family

darkgate

C2

http://94.228.169.143

Targets

    • Target

      98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f_JC.xll

    • Size

      50KB

    • MD5

      8866d0e530cb613fde59c5476ea6c331

    • SHA1

      e77beeb201303b739a9c4536514e48adc2118900

    • SHA256

      98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f

    • SHA512

      73d157aec3d94767b1f5233617d148cb440dca8ba6381c2979f4c5265273294fefad380afa9b401df80fd9661eeae643fd23448c71a66e7ceb2e796a2a4156ea

    • SSDEEP

      1536:9lnq2U5JsS6Nh5wFXscKjrtN/5zqGyiNwmHWR03aY:9c9HQNh5wFXscKXHRzaiNnVqY

    Score
    10/10

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks