General
-
Target
ZoomInstaller.msi
-
Size
1.7MB
-
Sample
231024-tvpegsbd7x
-
MD5
79f3e81f80108982afdb0375cd2d5878
-
SHA1
517dd7250d8e303dbeca3f7e084f702da12262d3
-
SHA256
5ec2ac23230810dba049ba6628fa0fd423626f1a24601896bcc71428d6fb9893
-
SHA512
bb42439f5e068e4d52c5adc776c0235596e3d755484ec5e97efa14e338af2171e20e1fd606a50679a390649146906882076565923ae5496e8b6c57a01270a0c0
-
SSDEEP
49152:apUPo/r9A+y5V8EHu4l4XcR+TpM4S/PHA0s5NhqaT:apJTSbkEHu0xR4pA3Hy5NUaT
Malware Config
Extracted
darkgate
A1111
http://81.19.135.17
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
false
-
c2_port
2351
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
true
-
crypter_dll
false
-
crypter_rawstub
false
-
crypto_key
XsiTyXlnWVdrXT
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
A1111
Targets
-
-
Target
ZoomInstaller.msi
-
Size
1.7MB
-
MD5
79f3e81f80108982afdb0375cd2d5878
-
SHA1
517dd7250d8e303dbeca3f7e084f702da12262d3
-
SHA256
5ec2ac23230810dba049ba6628fa0fd423626f1a24601896bcc71428d6fb9893
-
SHA512
bb42439f5e068e4d52c5adc776c0235596e3d755484ec5e97efa14e338af2171e20e1fd606a50679a390649146906882076565923ae5496e8b6c57a01270a0c0
-
SSDEEP
49152:apUPo/r9A+y5V8EHu4l4XcR+TpM4S/PHA0s5NhqaT:apJTSbkEHu0xR4pA3Hy5NUaT
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-