General
Target: 5326ed.msi
Size: 2.2MB
Sample: 231012-h17x8sfe28
MD5: cceefe7696ebbc58b4a5046f55db0fb7
SHA1: 917dc0425e7335c16b020acf2d650c2dad8e76c7
SHA256: 882017acad53183bb5b4c0a206f78593589498487d235e6fa9ca21e6a8f851eb
SHA512: 9c40cdc797c51c1300e00ae9ca240f669bb4f450c64dec32031f9fd211bbc2bdce989da097ddea5f530732a47bb460b8451e2bd4451ca6380b80cd5d907e9d12
SSDEEP: 49152:VpUPh29bl2/kdgN1MLtGluJZqAqFFjYgTlkezLogCg:Vpggbl2zN1MWuJZqAqLjJxkeQgC
Static task: static1
Behavioral task: behavioral1
  Sample: 5326ed.msi
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 5326ed.msi
  Resource: win10v2004-20230915-en
Malware Config
Extracted: darkgate
general7
http://katiklan.tech
http://zochao.com
alternative_c2_port: 9999
anti_analysis: false
anti_debug: false
anti_vm: false
c2_port: 2351
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: true
crypter_dll: false
crypter_rawstub: false
crypto_key: kOYRfwihlHyFsV
internal_mutex: dcbCbK
minimum_disk: 100
minimum_ram: 4096
ping_interval: 4
rootkit: true
startup_persistence: true
username: general7
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.