General
-
Target
Test_395-13959.zip
-
Size
6.9MB
-
Sample
231004-rpmycsed29
-
MD5
e338dea73983feaf5bb00fd510f995c1
-
SHA1
e82c11612c0870e8175eafa8c9c5f9151d0b80d7
-
SHA256
88b5e4b1b533c398d790fbe974b2b369d72268069dcc64b53a742f4d1361c6bf
-
SHA512
1268a97a0afa4a7dff2a6b1429ec13143ce14c238a49f9b9cf3e8ee4adf0a1ebc388195b02a0a09a7a1ab7865eaed1d16826b7f3921111547f52158f2db14cbd
-
SSDEEP
49152:LzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:V
Malware Config
Extracted
darkgate
A1111
http://getldrrgoodgame.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
false
-
c2_port
2351
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
true
-
crypter_dll
false
-
crypter_rawstub
false
-
crypto_key
eYCqpouVyqrXSL
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
A1111
Targets
-
-
Target
Test_395-13959.vbs
-
Size
6.9MB
-
MD5
5a9c56d5b6a4ae5fc402d99fa45f5598
-
SHA1
d1572724ca4ecc99edaf4104f51385265bb27682
-
SHA256
961372719771b69d8cf4d62f2b3703d7322544d16dc08036a217102382200498
-
SHA512
5c9ab4ba5c102217077e6b4981f99c1bbf7e0a1842bfe38edcaa5e5b59d3c7bc11a8954eb8917d05dc7addc4023fbc0758e7ed2ddcce861503ff940fcad93e57
-
SSDEEP
49152:jzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:t
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-