General
Target: 2024-04-28_f9895213b401a7ba00112c954b173cfa_darkgate_ransomlock
Size: 1.3MB
Sample: 240428-ehwwgaff34
MD5: f9895213b401a7ba00112c954b173cfa
SHA1: 3beefd2c4ecea2a0fb33bbe5a04f3c3efd44e7f2
SHA256: 849c08a491f9cbed4f9693c279c1012a838f1f115d64bc1babbce36c0b466333
SHA512: b9029eee3a6d2df3ce7bfaff37e90f041f5d1b237c33f908d5dda35d0ca8eaa2dfd05de8aa30d3bcb7d98fc34c1204c71965426e7d7c07d7a3e66fe9a461c9c9
SSDEEP: 24576:HwxPanDWDAxfy+t4g6cBLi2iYQOlbQTAIUV:QxPpWTjPJplUTjUV
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-28_f9895213b401a7ba00112c954b173cfa_darkgate_ransomlock.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-04-28_f9895213b401a7ba00112c954b173cfa_darkgate_ransomlock.exe
  Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 2024-04-28_f9895213b401a7ba00112c954b173cfa_darkgate_ransomlock
Score: 10/10
- Detects executables containing artifacts associated with disabling Windows Defender
- Detects executables embedding a registry key / value combination indicative of disabling Windows Defender features
- Sets file execution options in registry (Image File Execution Options key)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Adds Run key to start application
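The static signatures above fire on registry paths and value names embedded in the binary. The following added example (not the sandbox vendor's signature logic) shows how such a check is built: it extracts both ASCII and UTF-16LE strings from raw file bytes, then reports a category only when the key path and, where one is listed, a matching value name are both present, so a stray "Debugger" or "Nation" string alone is not flagged. The registry locations are real Windows paths; the two sample byte blobs are constructed for the demonstration, and the category names and pairing rules are this example's own.

```python
"""Static scan of a PE image for the registry artifacts behind the sandbox
signatures above: Windows Defender policy keys used to disable protection,
Image File Execution Options (IFEO) 'Debugger' hijacks, Run-key persistence
and the Control Panel\\International\\Geo lookup used as a geofence.

Added example; the registry paths are real Windows locations, the sample
bytes below are constructed, and the matching rules are this example's own,
not the sandbox vendor's signature logic."""
import re

# Printable ASCII and UTF-16LE runs of at least six characters.  Windows
# binaries carry registry paths in either encoding, so a scanner that only
# looks at ASCII misses half of them.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# category -> (key paths, value names).  A category is reported only when a
# key path is present AND, if value names are listed, at least one of them
# is present too; a lone "Debugger" or "Nation" string is not evidence.
ARTIFACTS = {
    "defender_disable": (
        [r"SOFTWARE\Policies\Microsoft\Windows Defender"],
        ["DisableAntiSpyware", "DisableRealtimeMonitoring",
         "DisableBehaviorMonitoring", "DisableOnAccessProtection",
         "DisableIOAVProtection"],
    ),
    "ifeo": (
        [r"Windows NT\CurrentVersion\Image File Execution Options"],
        ["Debugger"],
    ),
    "run_key": (
        [r"Software\Microsoft\Windows\CurrentVersion\Run"],
        [],
    ),
    "geofence": (
        [r"Control Panel\International\Geo"],
        ["Nation"],
    ),
}


def extract_strings(data: bytes) -> list[str]:
    """Pull ASCII and UTF-16LE printable runs out of raw file bytes."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in WIDE_RUN.finditer(data)]
    return found


def scan(data: bytes) -> dict[str, list[str]]:
    """Return {category: matched needles} for every artifact category whose
    key path (and required value name) appears in the binary's strings."""
    haystack = "\n".join(extract_strings(data)).lower()
    findings: dict[str, list[str]] = {}
    for category, (keys, values) in ARTIFACTS.items():
        key_hits = [k for k in keys if k.lower() in haystack]
        value_hits = [v for v in values if v.lower() in haystack]
        if key_hits and (not values or value_hits):
            findings[category] = key_hits + value_hits
    return findings


# Constructed stand-in for a dropper: Defender path and value as UTF-16LE,
# the rest as ASCII, NUL-terminated like C strings in a real image.
SAMPLE_MALICIOUS = (
    b"MZ\x90\x00" + b"\x00" * 16
    + r"SOFTWARE\Policies\Microsoft\Windows Defender".encode("utf-16-le") + b"\x00\x00"
    + "DisableAntiSpyware".encode("utf-16-le") + b"\x00\x00"
    + rb"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe" + b"\x00"
    + b"Debugger\x00"
    + rb"Software\Microsoft\Windows\CurrentVersion\Run" + b"\x00"
    + rb"Control Panel\International\Geo" + b"\x00"
    + b"Nation\x00"
)

# Constructed benign image: mentions "Debugger" and "Nations" but none of the
# key paths, so nothing should be reported.
SAMPLE_BENIGN = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"Attach Debugger to process\x00"
    + b"United Nations report viewer\x00"
    + b"C:\\Program Files\\Example\\app.exe\x00"
)

if __name__ == "__main__":
    for name, blob in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        hits = scan(blob)
        print(f"{name}: {hits or 'no registry artifacts found'}")
```

To run it against a real file, pass `open(path, "rb").read()` to `scan()`. Embedded strings are weak evidence on their own (a packed sample shows none, and a legitimate installer may touch the Run key), which is why the sandbox pairs these static hits with the behavioral task results listed above rather than scoring on strings alone.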
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 2
  Scheduled Task/Job (T1053): 1
Privilege Escalation
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 2
  Scheduled Task/Job (T1053): 1