Extracted

Extracted

• • Target

    mkreafr.msi

  • Size

    4.3MB

  • MD5

    4f238c2093606fc296f1f819c2f0fc67

  • SHA1

    f8535858fcee6b96e0f49e6156fa110fc0698880

  • SHA256

    58e2f786321d58631386654265c8fc5298e1e396c219a424de57a3623b4bd994

  • SHA512

    c2422db8871d6303b5903c4b11cca3debd62cb25a406655db5a0ba407f33c9fef739371d297e5ccad45efc99e040e6ae29079b4b9325f52d54c5e780f8c346f7

  • SSDEEP

    49152:jpUPN9qhCxzT+WKjSXcmNt6+XzP4BYIeBfCXqyfdo1DDDDDDDDDDPuDgO9hTnxA5:jpqCQbm+jg12f3yaiga6yU

  Score

  10^/10

  darkgateadmin888discoverystealerpersistence

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate

  • Detect DarkGate stealer

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Modifies file permissions

    discovery

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2