General
Target: Dark_drop_2_pers_lum_clean.exe.bin.exe
Size: 4.7MB
Sample: 241115-wh1cbssmhj
MD5: 19888b7fe000d86bc63cf6a75a1e4c69
SHA1: 05ca780f0ba02d7b13d969560f02621ec94ff6cb
SHA256: cc5c482229f5b9d1c88f6ff68abb7461de259749f6230932654bb5aaa3fddd88
SHA512: 06fadf1e5a002c6603f46206086b3b439ae912ae4c0cbf47289a018f544f7f174347e5d70eb759dd54fee564c4e1d224d3b71f516517fe0395a43553779ceb41
SSDEEP: 98304:p7kJzG+ACjCweJ43Nw8OYVW5UcH4kSymFQ/wtj+r:ZkJzG+AC+tJsqYcqE4kSymFzx+r
Static task: static1
Behavioral task: behavioral1
Sample: Dark_drop_2_pers_lum_clean.exe.bin.exe
Resource: win7-20241010-en
Malware Config
Extracted
darkgate
Derry
164.132.5.124
anti_analysis: false
anti_debug: false
anti_vm: false
c2_port: 1111
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: KfrfRZvc
minimum_disk: 100
minimum_ram: 4096
ping_interval: 6
rootkit: false
startup_persistence: true
username: Derry
Targets
Target: Dark_drop_2_pers_lum_clean.exe.bin.exe
- Darkgate family
- Detect DarkGate stealer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext