General
- Target: 02112023_2237_00package.js
- Size: 135KB
- Sample: 231102-rzedzadc3w
- MD5: acd09f544443ccf50e6fe55d27ea3b5f
- SHA1: 4492e105277b8c058995de59b85ab9cf03b77bd9
- SHA256: 8df36c2cea92f6e1e476ac5643adb276af2735356c3f388e08682016f242a5dd
- SHA512: a4fe157045b179031f49388f4019b72e418c97b752a7c2d59f9bf9172c0f11a7550af76322295b21cc7ff6ac7b131c93c5a62511e7aaab6fe567c8e613b98ad4
- SSDEEP: 1536:BZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0r:0T9U7hgaX6eerjqlI2IO6Mzqfsf/m
Static task: static1
Behavioral task: behavioral1
- Sample: 02112023_2237_00package.js
- Resource: win7-20231023-en
Malware Config
Extracted: darkgate
- ADS5
- http://sftp.noheroway.com
- alternative_c2_port: 8080
- anti_analysis: false
- anti_debug: false
- anti_vm: true
- c2_port: 443
- check_disk: true
- check_ram: true
- check_xeon: false
- crypter_au3: false
- crypter_dll: false
- crypter_rawstub: true
- crypto_key: QMUPRuePoaYqwJ
- internal_mutex: txtMut
- minimum_disk: 90
- minimum_ram: 5000
- ping_interval: 4
- rootkit: true
- startup_persistence: true
- username: ADS5
Targets
- Target: 02112023_2237_00package.js (135KB; hashes as listed in the General section above)
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext