General
-
Target
02112023_2233_00pack.msi
-
Size
8.3MB
-
Sample
231102-rw846sfb77
-
MD5
5d97d62b9c65ce53095c58bb977f1336
-
SHA1
2d08cd587b7ec6c7afa71c60e9c045dc5f728d4b
-
SHA256
32039dccac205468c9f43636815e636f4dc821081f495f4bacebbbaa6f05818d
-
SHA512
8b5101b9d0e0812eb059d74b93ee570aba93e841d2c0ec58be5e06ba0fc60770e92639aded7fd87149a2626e33dec954b05a9c941de67a17abb4a8db65478c44
-
SSDEEP
196608:BkdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe3l/3Ka:WdAirAzqVAnTPMgd+0ogHnF3l3
Static task
static1
Behavioral task
behavioral1
Sample
02112023_2233_00pack.msi
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
02112023_2233_00pack.msi
Resource
win10v2004-20231023-en
Malware Config
Extracted
darkgate
user_871236672
http://shsukadadyuikmmonk.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
kPNVJIWEwOcGPL
-
internal_mutex
txtMut
-
minimum_disk
50
-
minimum_ram
6001
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
02112023_2233_00pack.msi
-
Size
8.3MB
-
MD5
5d97d62b9c65ce53095c58bb977f1336
-
SHA1
2d08cd587b7ec6c7afa71c60e9c045dc5f728d4b
-
SHA256
32039dccac205468c9f43636815e636f4dc821081f495f4bacebbbaa6f05818d
-
SHA512
8b5101b9d0e0812eb059d74b93ee570aba93e841d2c0ec58be5e06ba0fc60770e92639aded7fd87149a2626e33dec954b05a9c941de67a17abb4a8db65478c44
-
SSDEEP
196608:BkdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe3l/3Ka:WdAirAzqVAnTPMgd+0ogHnF3l3
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-