General
-
Target
2024-06-01_bd13093a9901a56dea72f1a41304fa9b_darkgate_ransomlock
-
Size
1.3MB
-
Sample
240601-f4cv6aca28
-
MD5
bd13093a9901a56dea72f1a41304fa9b
-
SHA1
ccb6d157e85d699c7676f5d5378cb881ea3a34ca
-
SHA256
656653aa97f4ced7a38878231aeec5121c6a128602e4b47bb68ff1c42606cce8
-
SHA512
50aa9c594b1cd4e2c55582ba72bf0244db10631675e57168de0166101856387a680bdb8281e4f99fa0904a6721bfddf113d43644dfa9e9e1160dfb5739f03d10
-
SSDEEP
24576:XwxPanDWDAxfy+t4g6cBLi2iYQOlbQTAIU3:gxPpWTjPJplUTjU3
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-01_bd13093a9901a56dea72f1a41304fa9b_darkgate_ransomlock.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-06-01_bd13093a9901a56dea72f1a41304fa9b_darkgate_ransomlock.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2024-06-01_bd13093a9901a56dea72f1a41304fa9b_darkgate_ransomlock
-
Size
1.3MB
-
MD5
bd13093a9901a56dea72f1a41304fa9b
-
SHA1
ccb6d157e85d699c7676f5d5378cb881ea3a34ca
-
SHA256
656653aa97f4ced7a38878231aeec5121c6a128602e4b47bb68ff1c42606cce8
-
SHA512
50aa9c594b1cd4e2c55582ba72bf0244db10631675e57168de0166101856387a680bdb8281e4f99fa0904a6721bfddf113d43644dfa9e9e1160dfb5739f03d10
-
SSDEEP
24576:XwxPanDWDAxfy+t4g6cBLi2iYQOlbQTAIU3:gxPpWTjPJplUTjU3
Score10/10-
Detects executables containing artifacts associated with disabling Widnows Defender
-
Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Scheduled Task/Job
1