Extracted

Extracted

• • Target

    de69281050c18627c8e75a3f4cdf933db77ace2a8dd13ef753f61ad6e0a405ad.msi

  • Size

    3.2MB

  • MD5

    6922c8d97e6d60135a3c55302ce1eecf

  • SHA1

    f3714edb96b5db59b392058292ed486dfd3d3629

  • SHA256

    de69281050c18627c8e75a3f4cdf933db77ace2a8dd13ef753f61ad6e0a405ad

  • SHA512

    2477b8432ffd9a0873608d978b30a8eea129d6180a18437a3a204c875ec2469e4eb0db2a6c52b6d2bb3e1881fcb0e1e29934d73608499694545cfdda5bf53494

  • SSDEEP

    49152:qpUPqczdMZnZajVw8XsmOL8ruQO7/rsGQNTRJD+jQW/XRaWEr1bCU:qpmBUZaZw8u8rJOjrsG2apKGU

  Score

  10^/10

  darkgateadmin888discoverystealerpersistence

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate

  • Detect DarkGate stealer

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Modifies file permissions

    discovery

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2