General
Target: 05022024_2208_chache.hta
Size: 73KB
Sample: 240205-rfekmabeap
MD5: 26daad505b15a76a4ae1be76f9c77488
SHA1: 70d2f0a9a4f51316f65ff8b895518c6fb824f4c7
SHA256: 4644c5cfe036b53190d6f36a2d9e3067ea05622481092ab05b55e5754e89ba2e
SHA512: 96e8cc6ea11bd22d9a3195f87c5d4e241e58a1c6fca2de4db1dab4a08d8cd4d4b7a9a51a7b478f16422c030cd675b7ab144015de8c87bcec03bc5c0568c26ffc
SSDEEP: 768:kohVndK3EFiaID3u1cP/wTgdok7h/ZdmYu7aZD0fJgPKOjLxphC8U4u4EeUeEgFa:kobndK4IDeshU3gfALti5Oz
Static task: static1
Behavioral task: behavioral1
Sample: 05022024_2208_chache.hta
Resource: win7-20231215-en
Malware Config
Targets
-
-
Target
05022024_2208_chache.hta
-
Detect DarkGate stealer
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-