c6a562b283c50ec4bf0a5a6bdcfb4e8449c2c9b4c0b6efe4a3dcf40f5c25a45e

Submit
Reports

Overview

overview

Static

static

apk/cyberR...ws.jar

windows7-x64

apk/cyberR...ws.jar

windows10-2004-x64

apk/cyberR...x.html

windows7-x64

apk/cyberR...x.html

windows10-2004-x64

apk/cyberR...x.html

windows7-x64

apk/cyberR...x.html

windows10-2004-x64

exe/crypte...te.bat

windows7-x64

exe/crypte...te.bat

windows10-2004-x64

exe/crypte...er.vbs

windows7-x64

exe/crypte...er.vbs

windows10-2004-x64

exe/crypte...-0.dll

windows7-x64

exe/crypte...-0.dll

windows10-2004-x64

exe/crypte...e3.exe

windows7-x64

exe/crypte...e3.exe

windows10-2004-x64

exe/crypte...-0.dll

windows7-x64

exe/crypte...-0.dll

windows10-2004-x64

exe/crypte...in.exe

windows7-x64

exe/crypte...in.exe

windows10-2004-x64

exe/crypte...e3.dll

windows7-x64

exe/crypte...e3.dll

windows10-2004-x64

libssp-0.dll

windows7-x64

libssp-0.dll

windows10-2004-x64

pidgin.exe

windows7-x64

pidgin.exe

windows10-2004-x64

sqlite3.dll

windows7-x64

sqlite3.dll

windows10-2004-x64

exe/non cr...x.html

windows7-x64

exe/non cr...x.html

windows10-2004-x64

exe/non cr...ed.exe

windows7-x64

exe/non cr...ed.exe

windows10-2004-x64

exe/non cr...x.html

windows7-x64

exe/non cr...x.html

windows10-2004-x64

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 01:40

Sharing

Copy URL

Twitter E-mail

Static task

static1

darkgate

3 signatures

Behavioral task

behavioral1

Sample

apk/cyberRat/Port 7262 sample build/Google News.jar

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

apk/cyberRat/Port 7262 sample build/Google News.jar

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

apk/cyberRat/Port 7262 sample build/index.html

Resource

win7-20240708-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

apk/cyberRat/Port 7262 sample build/index.html

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral5

Sample

apk/cyberRat/index.html

Resource

win7-20240704-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

apk/cyberRat/index.html

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral7

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/Batch file for 5864v dll crypted darkgate/update.bat

Resource

win7-20240705-en

execution

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral8

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/Batch file for 5864v dll crypted darkgate/update.bat

Resource

win10v2004-20240802-en

execution

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral9

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/Crypted_with AU3 with startup only with decoded Launcher VBS/launcher.vbs

Resource

win7-20240708-en

darkgate discovery stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral10

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/Crypted_with AU3 with startup only with decoded Launcher VBS/launcher.vbs

Resource

win10v2004-20240802-en

darkgate discovery stealer

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral11

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/Crypted_with AU3 with startup only with decoded Launcher VBS/libssp-0.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/Crypted_with AU3 with startup only with decoded Launcher VBS/libssp-0.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/Crypted_with AU3 with startup only with decoded Launcher VBS/sqlite3.exe

Resource

win7-20240704-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral14

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/Crypted_with AU3 with startup only with decoded Launcher VBS/sqlite3.exe

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral15

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/protected_AU3_cGig/libssp-0.dll

Resource

win7-20240708-en

discovery

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/protected_AU3_cGig/libssp-0.dll

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/protected_AU3_cGig/pidgin.exe

Resource

win7-20240704-en

darkgate discovery stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral18

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/protected_AU3_cGig/pidgin.exe

Resource

win10v2004-20240802-en

darkgate discovery stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral19

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/protected_AU3_cGig/sqlite3.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

exe/crypted/Dakrgate 5864 startup plus rootkit/protected_AU3_cGig/sqlite3.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

libssp-0.dll

Resource

win7-20240708-en

discovery

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

libssp-0.dll

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

pidgin.exe

Resource

win7-20240704-en

darkgate discovery stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral24

Sample

pidgin.exe

Resource

win10v2004-20240802-en

darkgate discovery stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral25

Sample

sqlite3.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

sqlite3.dll

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

exe/non crypted/Darkgate 5864 port sample not startup/index.html

Resource

win7-20240705-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral28

Sample

exe/non crypted/Darkgate 5864 port sample not startup/index.html

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral29

Sample

exe/non crypted/Darkgate 5864 port sample not startup/stubbed.exe

Resource

win7-20240729-en

darkgate discovery stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral30

Sample

exe/non crypted/Darkgate 5864 port sample not startup/stubbed.exe

Resource

win10v2004-20240802-en

darkgate discovery stealer

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral31

Sample

exe/non crypted/index.html

Resource

win7-20240704-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral32

Sample

exe/non crypted/index.html

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

7 signatures

150 seconds

Report Analysis Logs

General

Target

apk/cyberRat/Port 7262 sample build/Google News.jar
Size

292KB
MD5

9dc59c231c11656c36181890e3699bec
SHA1

9c4cde8c2413fe82edf3f820a68baba75a60deaa
SHA256

e954167775d56cd819a15df364b572e83dd0096100ac1ceb27227d3cbbd7d8cc
SHA512

580c1a0b921df0df11f8f847427d501a3986b4c3952283c3a2bd01ef5741c4eb5940eef2c62153498eefe3b3bbb8f316f4489aea594cec6b68c64f1cb91a661f
SSDEEP

6144:DTCiuxS+i3eb4j+wNvmCGfZFxADyd6RwV5U1Sgi6WrjykWK2BGi3xapWQ:PnusT3cgtN0FeS6Rq21SgH8tWDBaQQ

Score

1^/10

Malware Config

Signatures

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\apk\cyberRat\Port 7262 sample build\Google News.jar"
1⤵
PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3936-2-0x0000017CD2990000-0x0000017CD2C00000-memory.dmp

Filesize
2.4MB

Download
memory/3936-11-0x0000017CD2970000-0x0000017CD2971000-memory.dmp

Filesize
4KB

Download
memory/3936-12-0x0000017CD2990000-0x0000017CD2C00000-memory.dmp

Filesize
2.4MB

Download