0bb9def35e96ceaab2f5c480f67526c0d5efd8cd4ba0f7fbb0df374ac7e95d99 | Triage

Sharing

General

Target

2024-06-05_a928b42d86202e99058a1d2eec897451_darkgate_magniber
Size

15.1MB
Sample

240605-hj2pwsgg6z
MD5

a928b42d86202e99058a1d2eec897451
SHA1

e15e42c173ffd18108bb7e55c151b58c4c28f9af
SHA256

0bb9def35e96ceaab2f5c480f67526c0d5efd8cd4ba0f7fbb0df374ac7e95d99
SHA512

d342a177b11c8e0af404e770bbee56ef0b491325831765407fb2c67527fcfdcdba06609f71bc0681cab939d558a5085d69e122690bed81c6d1fe35b3721eaf4c
SSDEEP

196608:GLJ80/s7A4zlBc5D18zZP2iIE80qLrHFLOyomFHKnPArxf5cBudLps7FLOyomFHE:Gq0k7AhD18BwE8zHFzxfKsNps7FoLL5

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2024-06-05_a928b42d86202e99058a1d2eec897451_darkgate_magniber
- Size
  
  15.1MB
- MD5
  
  a928b42d86202e99058a1d2eec897451
- SHA1
  
  e15e42c173ffd18108bb7e55c151b58c4c28f9af
- SHA256
  
  0bb9def35e96ceaab2f5c480f67526c0d5efd8cd4ba0f7fbb0df374ac7e95d99
- SHA512
  
  d342a177b11c8e0af404e770bbee56ef0b491325831765407fb2c67527fcfdcdba06609f71bc0681cab939d558a5085d69e122690bed81c6d1fe35b3721eaf4c
- SSDEEP
  
  196608:GLJ80/s7A4zlBc5D18zZP2iIE80qLrHFLOyomFHKnPArxf5cBudLps7FLOyomFHE:Gq0k7AhD18BwE8zHFzxfKsNps7FoLL5
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2