[tildedennis]

dropper: https://www.virustotal.com/en/file/ff83 ... /analysis/
main: https://www.virustotal.com/en/file/25a3 ... /analysis/
mitb: https://www.virustotal.com/en/file/53af ... /analysis/

c2:

Code: Select all

hxxp://85.69.197.19/PanelDark/client.php

components attached, likely test/development samples.

[Peuk420]

What to do with this?

[TheExecuter]

The main file shouldn't execute properly.
RtlAdjustPrivilege's 4th param is null. It'll crash for access violation.
how'd you extract the dlls?

[tildedennis]

statically. they're stored compressed in the dropper and can be carved out and RtlDecompressBuffer'd.