General
-
Target
6bef7c9809b35c7a2111872544e68aa29b8323f5936b6b1122c5f4138cf6e1e8
-
Size
3.5MB
-
Sample
240818-k6qbgswglc
-
MD5
0bd370eef60a45fd61634df249b64b91
-
SHA1
6758f0170b8227ad373ec35e12e6f300f2f27b42
-
SHA256
6bef7c9809b35c7a2111872544e68aa29b8323f5936b6b1122c5f4138cf6e1e8
-
SHA512
b06159c59477dba32c69c53194e832ce2335d038761559328cb04f7f5286d4800fd68f9ac1d61f0063cb138e2e191876e13ab5ee0d03ca9bf44b70e086140f52
-
SSDEEP
49152:XwREDDMeGGezwQbVqL+ecrCkwYw4z0g3QjfkRiGqUydHeMxWrP+beY7UY714:XwREBGGezfI2hwYDzJQ7UqzdMwZgN
Static task
static1
Behavioral task
behavioral1
Sample
6bef7c9809b35c7a2111872544e68aa29b8323f5936b6b1122c5f4138cf6e1e8.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkgate
seeksoul
version6dkgate.duckdns.org
-
anti_analysis
false
-
anti_debug
false
-
anti_vm
false
-
c2_port
5864
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
hOTwjapB
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
seeksoul
Targets
-
-
Target
6bef7c9809b35c7a2111872544e68aa29b8323f5936b6b1122c5f4138cf6e1e8
-
Size
3.5MB
-
MD5
0bd370eef60a45fd61634df249b64b91
-
SHA1
6758f0170b8227ad373ec35e12e6f300f2f27b42
-
SHA256
6bef7c9809b35c7a2111872544e68aa29b8323f5936b6b1122c5f4138cf6e1e8
-
SHA512
b06159c59477dba32c69c53194e832ce2335d038761559328cb04f7f5286d4800fd68f9ac1d61f0063cb138e2e191876e13ab5ee0d03ca9bf44b70e086140f52
-
SSDEEP
49152:XwREDDMeGGezwQbVqL+ecrCkwYw4z0g3QjfkRiGqUydHeMxWrP+beY7UY714:XwREBGGezfI2hwYDzJQ7UqzdMwZgN
-
Detect DarkGate stealer
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-