General
  Target: Archive 2.zip
  Size: 738KB
  Sample: 241216-qf4zvaskdj
  MD5: 127e744962bc72c18cc274b6906576f8
  SHA1: 28853a7fe1d821a5a7634ff3a50d5297ac44d247
  SHA256: 95508f0ec2c4a2ea7a72beb4669d1dccf8e1c1d8efebbf4136d5eff1feefbde5
  SHA512: 390c03667ab39109cd1e6dd9c48b55b9be4cd8e1fe17553190864e7c2f26d2da68da1ff9fe693385ed38bc997f0e3b6fadc7d336b4856141a8775af5e67db1a9
  SSDEEP: 12288:s/EOTKmcI3EUsg2SmMKW9btSKhWIdmxGxl2R54xRBOoRP1eE9ng7i9iEZwXSk2+S:8EOqI3EfJSrKw5pW+yGSIRHRNeE9a0wS
Static task: static1

Behavioral task: behavioral1
  Sample: autoit3.exe
  Resource: win7-20240903-en
Malware Config
  Extracted: darkgate (drk3, aspava-yachting.com)
  anti_analysis: false
  anti_debug: false
  anti_vm: false
  c2_port: 80
  check_disk: false
  check_ram: false
  check_xeon: false
  crypter_au3: false
  crypter_dll: false
  crypter_raw_stub: false
  internal_mutex: kDWIiPpI
  minimum_disk: 100
  minimum_ram: 4096
  ping_interval: 6
  rootkit: false
  startup_persistence: true
  username: drk3
Targets
  Target: autoit3.exe
  Size: 872KB
  MD5: c56b5f0201a3b3de53e561fe76912bfd
  SHA1: 2a4062e10a5de813f5688221dbeb3f3ff33eb417
  SHA256: 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
  SHA512: 195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
  SSDEEP: 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01

  - Darkgate family
  - Detect DarkGate stealer
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Adds Run key to start application