General
-
Target
98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f_JC.xll
-
Size
50KB
-
Sample
230924-qeptjafb3w
-
MD5
8866d0e530cb613fde59c5476ea6c331
-
SHA1
e77beeb201303b739a9c4536514e48adc2118900
-
SHA256
98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f
-
SHA512
73d157aec3d94767b1f5233617d148cb440dca8ba6381c2979f4c5265273294fefad380afa9b401df80fd9661eeae643fd23448c71a66e7ceb2e796a2a4156ea
-
SSDEEP
1536:9lnq2U5JsS6Nh5wFXscKjrtN/5zqGyiNwmHWR03aY:9c9HQNh5wFXscKXHRzaiNnVqY
Static task
static1
Behavioral task
behavioral1
Sample
98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f_JC.xll
Resource
win7-20230831-en
Malware Config
Extracted
darkgate
http://94.228.169.143
Targets
-
-
Target
98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f_JC.xll
-
Size
50KB
-
MD5
8866d0e530cb613fde59c5476ea6c331
-
SHA1
e77beeb201303b739a9c4536514e48adc2118900
-
SHA256
98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f
-
SHA512
73d157aec3d94767b1f5233617d148cb440dca8ba6381c2979f4c5265273294fefad380afa9b401df80fd9661eeae643fd23448c71a66e7ceb2e796a2a4156ea
-
SSDEEP
1536:9lnq2U5JsS6Nh5wFXscKjrtN/5zqGyiNwmHWR03aY:9c9HQNh5wFXscKXHRzaiNnVqY
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-