General
-
Target
01112023_2235_InstallerStart.msi
-
Size
8.3MB
-
Sample
231101-rx6ensaa31
-
MD5
ae1cc1647c5530374ced0e755108073f
-
SHA1
abb17ed6017bfa0417586f72722c44e8d65be1c4
-
SHA256
b85d5fa9ff6d33988a931233a84a3545f0066dc0fc6c066d3465f0e090fd1c1a
-
SHA512
e5007a11f44dd40ebd7dee049278d98d80124653961fa4d697488eb2dae136d93650c85be5816f5b065992fbbcce598180f4e5dc4cdf02c227494630eb67c357
-
SSDEEP
196608:+kdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe3M4q:ldAirAzqVAnTPMgd+0ogHnF3MZ
Static task
static1
Behavioral task
behavioral1
Sample
01112023_2235_InstallerStart.msi
Resource
win7-20231025-en
Malware Config
Extracted
darkgate
ADS5
http://sftp.bitepieces.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
443
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
rshaUPDveeNecx
-
internal_mutex
txtMut
-
minimum_disk
40
-
minimum_ram
5000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
ADS5
Targets
-
Target
01112023_2235_InstallerStart.msi
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-