General
- Target: 2025-04-26_a3e05b851060aad8dd9f77c4a6244ac7_darkgate_elex_mafia_remcos
- Size: 8.3MB
- Sample: 250426-zhzbtayyez
- MD5: a3e05b851060aad8dd9f77c4a6244ac7
- SHA1: ba5431a95ac20b906fd0cf5759addc1bf376c92c
- SHA256: 4110a3af94f41754a5af49386271a17bf2ded439df98cc2bb0239c4a3abf20f5
- SHA512: d61a7deda03d531bcbf321d12323f3836c58e59f99c8ccfa565fa43681cd237724da5a79aafd76a997c794a8d8bbf2fe4894dcd0979ddb51f241c46fa1dc1e5b
- SSDEEP: 98304:LcQUOO81DaLlJoab8aocpj+DheTpoTIlBYql7x+oZHcV4i/kgE7/FG4l7zP3u+07:Ls81DazotUTprlvGfLgc
Behavioral task: behavioral1
- Sample: 2025-04-26_a3e05b851060aad8dd9f77c4a6244ac7_darkgate_elex_mafia_remcos.exe
- Resource: win10v2004-20250410-en

Behavioral task: behavioral2
- Sample: 2025-04-26_a3e05b851060aad8dd9f77c4a6244ac7_darkgate_elex_mafia_remcos.exe
- Resource: win11-20250410-en
Malware Config

Targets
- Target: 2025-04-26_a3e05b851060aad8dd9f77c4a6244ac7_darkgate_elex_mafia_remcos
Score: 10/10
- Panda Stealer payload
- Pandastealer family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.