General
-
Target
1.msi
-
Size
1.8MB
-
Sample
231011-x1x6csab54
-
MD5
c17a3205c5c48939cf8b41f2e9b7ba50
-
SHA1
f355a29e703fca1228b1dae4c66970d9456189fd
-
SHA256
28deeda01ab7b37199d07892d03e0a6df45b11c61a0e637fb4533de7d0dfb860
-
SHA512
db2095ad9a7e34e6a1f5bfae73093946ecd546ac0cba6f8b0f89ff084ece42162d739295642a8227cd32a194b1e1c29046d480456be554507a0a269fdf0d418c
-
SSDEEP
49152:epUPfjpSNeHaHGYayNId4pWL56Hq05vHjYL57CBN4/6sT:epeeHGKId+W1n6/01kN4ysT
Malware Config
Extracted
darkgate
AA11
http://94.228.169.143
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
false
-
c2_port
2351
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
true
-
crypter_dll
false
-
crypter_rawstub
false
-
crypto_key
bABouSDRyBocvj
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
AA11
Targets
-
-
Target
1.msi
-
Size
1.8MB
-
MD5
c17a3205c5c48939cf8b41f2e9b7ba50
-
SHA1
f355a29e703fca1228b1dae4c66970d9456189fd
-
SHA256
28deeda01ab7b37199d07892d03e0a6df45b11c61a0e637fb4533de7d0dfb860
-
SHA512
db2095ad9a7e34e6a1f5bfae73093946ecd546ac0cba6f8b0f89ff084ece42162d739295642a8227cd32a194b1e1c29046d480456be554507a0a269fdf0d418c
-
SSDEEP
49152:epUPfjpSNeHaHGYayNId4pWL56Hq05vHjYL57CBN4/6sT:epeeHGKId+W1n6/01kN4ysT
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-