General
-
Target
f7d4f261a959d790aaca39d1ebb9f26c4623c52c074776590394216bb810ff77.exe
-
Size
6.7MB
-
Sample
241219-pefp7atjft
-
MD5
726baf607d5d6e364c3c610230e371b8
-
SHA1
809f2cb846a766ff94b7fb86db7d4eab07883975
-
SHA256
f7d4f261a959d790aaca39d1ebb9f26c4623c52c074776590394216bb810ff77
-
SHA512
5494fa84d9049d75199aaf494e1a7fe72bf977853558d2ed1565530fd26345615e35eb79476bd28a187778004645597fa0960fc73085a783f97d64ff79482262
-
SSDEEP
98304:FRXveERYHssF12MVwjbFGzdaDMF/Qi0GyREcBhmca3wjA5Ok/OyCF:FRbRYM612MVQbF8gOOCcBhmca3w0oF
Static task
static1
Behavioral task
behavioral1
Sample
f7d4f261a959d790aaca39d1ebb9f26c4623c52c074776590394216bb810ff77.exe
Resource
win7-20240903-en
Malware Config
Extracted
Family: darkgate
Botnet: drk3 (same value as the username field below)
C2: aspava-yachting.com
-
anti_analysis
false
-
anti_debug
false
-
anti_vm
false
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
kDWIiPpI
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
drk3
Targets
-
-
Target
f7d4f261a959d790aaca39d1ebb9f26c4623c52c074776590394216bb810ff77.exe
-
Size
6.7MB
-
MD5
726baf607d5d6e364c3c610230e371b8
-
SHA1
809f2cb846a766ff94b7fb86db7d4eab07883975
-
SHA256
f7d4f261a959d790aaca39d1ebb9f26c4623c52c074776590394216bb810ff77
-
SHA512
5494fa84d9049d75199aaf494e1a7fe72bf977853558d2ed1565530fd26345615e35eb79476bd28a187778004645597fa0960fc73085a783f97d64ff79482262
-
SSDEEP
98304:FRXveERYHssF12MVwjbFGzdaDMF/Qi0GyREcBhmca3wjA5Ok/OyCF:FRbRYM612MVQbF8gOOCcBhmca3w0oF
-
DarkGate family
-
Detects DarkGate stealer
-
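Suspicious use of NtCreateUserProcessOtherParentProcess (a process was created under a parent other than its actual creator; typically a sign of parent-process spoofing, so process-tree lineage for this sample should not be taken at face value)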
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application (registry autorun persistence, consistent with startup_persistence: true in the extracted config)
-