General
-
Target
paytowin.msi
-
Size
7.7MB
-
Sample
231024-twfhzaee39
-
MD5
18c9c1bebd252bab26e3c70ab68b42a7
-
SHA1
4dc001042ed6f010791afe5cd70bfaf62b3f16af
-
SHA256
6dc4038ca3be24398610616685e954a5ce843ebcc08d3bd97ca472f6d0834b2c
-
SHA512
52d48a5c4f97978828afbdf691e494583cd9d60b34567ad1df45fe6ba5eca681541d89be7b1e701eb71181a52c2252d0a2d2b172b7bc05a440afe252009cb1d2
-
SSDEEP
98304:6pNKjsEZcgsdUqakFRFawTV82ASqQBW9vpWzxjFycvniqy33XglSB2CiU39hItDb:71NsUqai/pTOryNnxyXxBTiWKmbSQMR
Static task
static1
Behavioral task
behavioral1
Sample
paytowin.msi
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
paytowin.msi
Resource
win10v2004-20231023-en
Malware Config
Extracted
darkgate
user_871236672
http://onlineserviceboonkers.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
yBhTbTZsxrLjqz
-
internal_mutex
txtMut
-
minimum_disk
35
-
minimum_ram
6000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
paytowin.msi
-
Size
7.7MB
-
MD5
18c9c1bebd252bab26e3c70ab68b42a7
-
SHA1
4dc001042ed6f010791afe5cd70bfaf62b3f16af
-
SHA256
6dc4038ca3be24398610616685e954a5ce843ebcc08d3bd97ca472f6d0834b2c
-
SHA512
52d48a5c4f97978828afbdf691e494583cd9d60b34567ad1df45fe6ba5eca681541d89be7b1e701eb71181a52c2252d0a2d2b172b7bc05a440afe252009cb1d2
-
SSDEEP
98304:6pNKjsEZcgsdUqakFRFawTV82ASqQBW9vpWzxjFycvniqy33XglSB2CiU39hItDb:71NsUqai/pTOryNnxyXxBTiWKmbSQMR
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-