General
-
Target
drama.js
-
Size
135KB
-
Sample
231025-ynq2ysfa24
-
MD5
e4f9dc6dce0febfc6b482a72ecae623c
-
SHA1
ab62cf43d293852739dcd538cea9bfcba7583897
-
SHA256
5736fa697d542ce30f133b77f20b14e98da721381bbebd259c118779f1cf8685
-
SHA512
50de7dd2dc8364c1b5c1dfed99d2051ba2e584fef71b336771dd2e8f3a49f4f67cd2f17ef72276819081f790bec961e903177c24efe5230aa3224f1228e7d05e
-
SSDEEP
1536:BZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0Z:0T9U7hgaX6eerjqlI2IO6MzqfL1
Static task
static1
Behavioral task
behavioral1
Sample
drama.js
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
drama.js
Resource
win10v2004-20231023-en
Malware Config
Extracted
darkgate
user_871236672
http://taochinashowwers.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
aujvhepXpZBhyO
-
internal_mutex
txtMut
-
minimum_disk
40
-
minimum_ram
7000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
drama.js
-
Size
135KB
-
MD5
e4f9dc6dce0febfc6b482a72ecae623c
-
SHA1
ab62cf43d293852739dcd538cea9bfcba7583897
-
SHA256
5736fa697d542ce30f133b77f20b14e98da721381bbebd259c118779f1cf8685
-
SHA512
50de7dd2dc8364c1b5c1dfed99d2051ba2e584fef71b336771dd2e8f3a49f4f67cd2f17ef72276819081f790bec961e903177c24efe5230aa3224f1228e7d05e
-
SSDEEP
1536:BZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0Z:0T9U7hgaX6eerjqlI2IO6MzqfL1
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-