General

  • Target

    bye.vbs

  • Size

    19KB

  • Sample

    231003-dksfdshg93

  • MD5

    a19d814f720701a258a6e8b5a22b22c9

  • SHA1

    cbdcdefb3328f1473bb1da624ed2bf9515ffd2c3

  • SHA256

    7d4115e88411e7bcac9ed622dbb6554ff4015c6f9fed98a5427970ceada526e6

  • SHA512

    51b2a31f0c4fce15d87d1ab88d8e383ee7f8be0e9075183a22c6bfcca48dd30d43ca7987baf3c811ab11a4132199a31213d3096c91a645127f13b7703d3bd044

  • SSDEEP

    384:fwcem3DxZbJ6TZZfOEcMR/vuvP3RhbWbdVIIo+T6ncfzeQhs7h7:YcXZ16/+MRSbbaX9yp7h7

Score
10/10

Malware Config

Extracted

Family

darkgate

C2

http://searcherbigdealk.com

Targets

    • Target

      bye.vbs

    • Size

      19KB

    • MD5

      a19d814f720701a258a6e8b5a22b22c9

    • SHA1

      cbdcdefb3328f1473bb1da624ed2bf9515ffd2c3

    • SHA256

      7d4115e88411e7bcac9ed622dbb6554ff4015c6f9fed98a5427970ceada526e6

    • SHA512

      51b2a31f0c4fce15d87d1ab88d8e383ee7f8be0e9075183a22c6bfcca48dd30d43ca7987baf3c811ab11a4132199a31213d3096c91a645127f13b7703d3bd044

    • SSDEEP

      384:fwcem3DxZbJ6TZZfOEcMR/vuvP3RhbWbdVIIo+T6ncfzeQhs7h7:YcXZ16/+MRSbbaX9yp7h7

    Score
    10/10
    • DarkGate

      DarkGate is a loader and infostealer with remote-access capabilities, sold as malware-as-a-service; its core payload is written in Delphi, and it is commonly delivered through script droppers such as the VBS file analysed here.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry's international settings. Malware does this to geofence: it aborts or alters its behaviour when the victim's configured country is not one the operator wants to infect, so a sandbox with the "wrong" locale may observe no malicious activity at all.

    • Executes dropped EXE
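
The report above lists file hashes, an extracted C2 host and a set of behavioural signatures. The following Python is an added example written for this page, not code from the sandbox or from the DarkGate operators: it turns those indicators into a small hunt that (a) checks whether a file matches the sample's hashes and (b) replays sandbox-style telemetry and reports which of the page's signatures would fire. The event schema, the list of "blocklisted" script hosts, the exact registry value the geofence check reads, and the dropped-file path are all assumptions; the telemetry is constructed for the example.

```python
"""IOC and behaviour matching for the DarkGate report above (added example)."""
import hashlib

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "a19d814f720701a258a6e8b5a22b22c9",
    "sha1": "cbdcdefb3328f1473bb1da624ed2bf9515ffd2c3",
    "sha256": "7d4115e88411e7bcac9ed622dbb6554ff4015c6f9fed98a5427970ceada526e6",
}
C2_HOST = "searcherbigdealk.com"

# Assumptions, not from the report: which images count as "blocklisted" script
# hosts, and which registry values a country-code (geofence) lookup reads.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
GEO_KEYS = (r"control panel\international\geo\nation",
            r"control panel\international\localename")


def file_hashes(data: bytes) -> dict:
    """Hash file bytes with the digests the report lists (ssdeep omitted: needs a C library)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> bool:
    """True if any of the file's hashes equals the report's sample hashes."""
    hashes = file_hashes(data)
    return any(hashes[name] == value for name, value in REPORT_HASHES.items())


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(events):
    """Replay process/network/file/registry events; return the signature names that fire."""
    fired = set()
    image = {}        # pid -> image path
    net_pids = set()  # pids that made any network request
    dropped = set()   # lowercase paths of PE files written during the run
    for ev in events:
        kind = ev["type"]
        if kind == "process":
            image[ev["pid"]] = ev["image"]
            # "Executes dropped EXE": a PE written earlier in the run is now a process image.
            if ev["image"].lower() in dropped:
                fired.add("executes_dropped_exe")
        elif kind in ("dns", "http"):
            net_pids.add(ev["pid"])
            # "Blocklisted process makes network request": a script host talks to the network.
            if basename(image.get(ev["pid"], "")) in SCRIPT_HOSTS:
                fired.add("blocklisted_process_network_request")
            if ev.get("host", "").lower() == C2_HOST:
                fired.add("darkgate_c2_contact")
        elif kind == "file_write":
            # "Downloads MZ/PE file": a process with network activity writes a PE header.
            if ev.get("header", b"")[:2] == b"MZ":
                dropped.add(ev["path"].lower())
                if ev["pid"] in net_pids:
                    fired.add("downloads_mz_pe_file")
        elif kind == "registry_read":
            # "Checks computer location settings": reads the configured country code.
            if ev["key"].lower().endswith(GEO_KEYS):
                fired.add("checks_computer_location_settings")
    return fired


# Constructed telemetry (assumed shape and paths, not taken from the sandbox run).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1, "image": r"C:\Windows\System32\wscript.exe"},
    {"type": "registry_read", "pid": 100, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "dns", "pid": 100, "host": "searcherbigdealk.com"},
    {"type": "http", "pid": 100, "host": "searcherbigdealk.com", "url": "http://searcherbigdealk.com"},
    {"type": "file_write", "pid": 100, "path": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "header": b"MZ\x90\x00"},
    {"type": "process", "pid": 200, "ppid": 100, "image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
]

# A benign control run: a browser resolving an unrelated host fires nothing.
BENIGN_EVENTS = [
    {"type": "process", "pid": 300, "ppid": 1, "image": r"C:\Program Files\Browser\browser.exe"},
    {"type": "dns", "pid": 300, "host": "example.com"},
]

if __name__ == "__main__":
    print(sorted(evaluate(SAMPLE_EVENTS)))
    print(sorted(evaluate(BENIGN_EVENTS)))
```

Feeding real EDR or sandbox JSON into `evaluate` only requires mapping its fields onto the four event kinds above; the hash check is the cheap first pass, the behavioural rules catch re-packed variants whose hashes no longer match the report.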

MITRE ATT&CK Enterprise v15

Tasks