Managed XDR

payment-due-invoices.eml (DarkGate) — malware analysis report

File info

Filename
payment-due-invoices.eml
File type
ASCII text, with very long lines, with CRLF line terminators
File size
1.1 MB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1
d2696b9b78b9a4f9f9b684c45d1d821b76444f13
SHA256
9682aedb1f0a7d3f5bf669a2b768cf37f10fdca01eaa6431c8845770ff228384
MD5
5d66118058fa4d8ea6d8c535adbdcf2d

Malware

  • DarkGate

Signatures

Execution

T1059 autoit: AutoIt script execution detected
T1059 autoit_suspicious_script: AutoIt contains a suspicious script

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_upx: The executable file is compressed using UPX
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
no_graphical_activity: No graphical activity
writes_data: Writes a large amount of data to disk

Related reports
