Extracted

• • Target

    Whatsapp-GUI.exe

  • Size

    278KB

  • MD5

    8c3ef2eba970f543f0ebe6dced908402

  • SHA1

    431157eaf15244e5d8cc167511b4611f4dfae85c

  • SHA256

    9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02

  • SHA512

    fd0e2b2539ad4a0d587ba0059653d82e2bf4aadf37ca5a097b60fc0658aa1b3850bb589ee1cc0d5c39bfc574beaa4d56eea6a32f57407bfee21b2f306c737680

  • SSDEEP

    3072:FUbtVKuFEC34/8yBV+VKuFJC34GtmANWJ/j3:FUb/KVKq8NKmKntZWJT

  Score

  10^/10

  discoverydarkgaterjacline01395persistencestealer

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate

  • Darkgate family

    darkgate

  • Detect DarkGate stealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2