General
-
Target
Test_395-13959.zip
-
Size
6.9MB
-
Sample
231004-q6y7aaeb22
-
MD5
e338dea73983feaf5bb00fd510f995c1
-
SHA1
e82c11612c0870e8175eafa8c9c5f9151d0b80d7
-
SHA256
88b5e4b1b533c398d790fbe974b2b369d72268069dcc64b53a742f4d1361c6bf
-
SHA512
1268a97a0afa4a7dff2a6b1429ec13143ce14c238a49f9b9cf3e8ee4adf0a1ebc388195b02a0a09a7a1ab7865eaed1d16826b7f3921111547f52158f2db14cbd
-
SSDEEP
49152:LzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:V
Malware Config
Extracted
darkgate
http://getldrrgoodgame.com
Targets
-
-
Target
Test_395-13959.vbs
-
Size
6.9MB
-
MD5
5a9c56d5b6a4ae5fc402d99fa45f5598
-
SHA1
d1572724ca4ecc99edaf4104f51385265bb27682
-
SHA256
961372719771b69d8cf4d62f2b3703d7322544d16dc08036a217102382200498
-
SHA512
5c9ab4ba5c102217077e6b4981f99c1bbf7e0a1842bfe38edcaa5e5b59d3c7bc11a8954eb8917d05dc7addc4023fbc0758e7ed2ddcce861503ff940fcad93e57
-
SSDEEP
49152:jzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:t
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-