General
-
Target
1bc06334849768ebbd7afff675e4e3196984d00c495395ddb9050c8c5f780381.exe
-
Size
4.9MB
-
Sample
240827-cqzafsxglh
-
MD5
9afafb511744b437365662e3647e8e76
-
SHA1
883956c959701ea092515d2262e7f71248bbd08e
-
SHA256
1bc06334849768ebbd7afff675e4e3196984d00c495395ddb9050c8c5f780381
-
SHA512
001010c095798369ea6338cb432f6dffa75f6badb6bd0d4f746a7d2d8c8740a9ab40b1de7ffc519538a312e46fb0621d81646db76b32a3d2aaa8d0283d856e03
-
SSDEEP
49152:C4Y60gIBGEyn4GoXW6WJKjuFs3HSqgblLWgqf8NY:bY6pHNJJ08qb
Static task
static1
Behavioral task
behavioral1
Sample
1bc06334849768ebbd7afff675e4e3196984d00c495395ddb9050c8c5f780381.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
1bc06334849768ebbd7afff675e4e3196984d00c495395ddb9050c8c5f780381.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
darkgate
rastaa
44-35-63-31.internalsakamai.net
-
anti_analysis
false
-
anti_debug
false
-
anti_vm
false
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
xKhQCrdc
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
rastaa
Targets
-
-
Target
1bc06334849768ebbd7afff675e4e3196984d00c495395ddb9050c8c5f780381.exe
-
Size
4.9MB
-
MD5
9afafb511744b437365662e3647e8e76
-
SHA1
883956c959701ea092515d2262e7f71248bbd08e
-
SHA256
1bc06334849768ebbd7afff675e4e3196984d00c495395ddb9050c8c5f780381
-
SHA512
001010c095798369ea6338cb432f6dffa75f6badb6bd0d4f746a7d2d8c8740a9ab40b1de7ffc519538a312e46fb0621d81646db76b32a3d2aaa8d0283d856e03
-
SSDEEP
49152:C4Y60gIBGEyn4GoXW6WJKjuFs3HSqgblLWgqf8NY:bY6pHNJJ08qb
Score10/10-
Detect DarkGate stealer
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1