darktrack

General

Target

Predstavlenie № 6-51-2024 .docx.exe
Size

11.3MB
Sample

240515-l2gzzscd48
MD5

45ae0c08a1fb98fe77e4cd127b79ef7d
SHA1

12c7847fc2567ee9e6c0010f5c311753c017fa48
SHA256

bb8165b8f60818061d12cac775d8d41436b16c9b40e01071fca7fb96f6ef435e
SHA512

21cc13630fc1fe3bea4d45e356e63d4e94db7357040793b4d091ef75b2cf05191037380c493b944d1ecf748b9bd9935f1f91ba0c8654c57dbbe4530ab4fff4cd
SSDEEP

196608:fxtCbFLyXyLm+2WzU4qrVTcHHRBTue9iSoCVMbgb/x3/18afx:fWxL4S2kCVsHRsekTCVxhjx

Score

10^/10

Malware Config

Targets

- Target
  
  Predstavlenie № 6-51-2024 .docx.exe
- Size
  
  11.3MB
- MD5
  
  45ae0c08a1fb98fe77e4cd127b79ef7d
- SHA1
  
  12c7847fc2567ee9e6c0010f5c311753c017fa48
- SHA256
  
  bb8165b8f60818061d12cac775d8d41436b16c9b40e01071fca7fb96f6ef435e
- SHA512
  
  21cc13630fc1fe3bea4d45e356e63d4e94db7357040793b4d091ef75b2cf05191037380c493b944d1ecf748b9bd9935f1f91ba0c8654c57dbbe4530ab4fff4cd
- SSDEEP
  
  196608:fxtCbFLyXyLm+2WzU4qrVTcHHRBTue9iSoCVMbgb/x3/18afx:fWxL4S2kCVsHRsekTCVxhjx
Score

10^/10

darktrack evasion persistence rat stealer themida trojan upx
- DarkTrack
  DarkTrack is a remote administration tool written in delphi.
  rat stealer darktrack
- DarkTrack payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  $TEMP/rupedoras.exe
- Size
  
  11.2MB
- MD5
  
  d483c1a9718cf5d880b3cce5d6ff7423
- SHA1
  
  72be5e949dd6923a43e7eaab1811baea4bc4b644
- SHA256
  
  8df595a1528a09fdcfe237a7dd1009d1380a886875747d1b145925968463f7bd
- SHA512
  
  370e220b3bdb617a12479db075ee26741075306ce7a72237115b2d79c452baadf931ccf3b422e9d0ef1eb0138316c3233f3ecd27074f3e797dc20ee974eb6fe4
- SSDEEP
  
  196608:BtCbFLyXyLm+2WzU4qrVTcHHRBTue9iSoCVMbgb/x3/18af:mxL4S2kCVsHRsekTCVxhj
Score

10^/10

darktrack evasion rat stealer themida trojan upx
- DarkTrack
  DarkTrack is a remote administration tool written in delphi.
  rat stealer darktrack
- DarkTrack payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  $TEMP/zapros.docx
- Size
  
  11KB
- MD5
  
  9871272af8b06b484f0529c10350a910
- SHA1
  
  707979b027f371989fb71e36795b652a2d466592
- SHA256
  
  c2a256547433bec8d7afbed923f453eb2df978f18ed498e82bb2b244b126a9f3
- SHA512
  
  5bd60de706ed3ef717177b08fa69ebc8117fe52bf53e896b91d102430b4b976b136f2df75fe4d1cb9cf16f5e73052e030e364bdf212148b1471e9c2b99f76a4c
- SSDEEP
  
  192:CtNCOdi9y6MGLnTCXK8b5o5psQrW8t6I6YjyodJYUeUgPm6E9S7P:aN9di9SQCXK3gQa8QI6gldSUezPmzAP
Score

1^/10
behavioral3