General
-
Target
peopledie.msi
-
Size
7.6MB
-
Sample
231025-ys84bsfb32
-
MD5
377d8d910f7d6747727ca413967d6395
-
SHA1
36aa20471f41b5814e3c1436cd0de3396267a623
-
SHA256
68952e8c311d1573b62d02c60a189e8c248530d4584eef1c7f0ff5ee20d730ab
-
SHA512
15a43cc07fc4b0deb267f8b243e0b23eee8a63d1178b1a23b8cfcfe52fa8a7ebd04a8b588ca19adabfc8ea198166350f3b78765fd1736ca844fd83e93b306c98
-
SSDEEP
98304:kpMKjsEZcgsdUqakFRFawTV82ASqQBW9vpWzxjFycvniqy33XglSB2CiU39XdiC9:M1NsUqai/pTOryNnxyXxBTi4iCo4N
Malware Config
Extracted
darkgate
user_871236672
http://taochinashowwers.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
nOuJEtbQBOlJBY
-
internal_mutex
txtMut
-
minimum_disk
40
-
minimum_ram
7000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
peopledie.msi
-
Size
7.6MB
-
MD5
377d8d910f7d6747727ca413967d6395
-
SHA1
36aa20471f41b5814e3c1436cd0de3396267a623
-
SHA256
68952e8c311d1573b62d02c60a189e8c248530d4584eef1c7f0ff5ee20d730ab
-
SHA512
15a43cc07fc4b0deb267f8b243e0b23eee8a63d1178b1a23b8cfcfe52fa8a7ebd04a8b588ca19adabfc8ea198166350f3b78765fd1736ca844fd83e93b306c98
-
SSDEEP
98304:kpMKjsEZcgsdUqakFRFawTV82ASqQBW9vpWzxjFycvniqy33XglSB2CiU39XdiC9:M1NsUqai/pTOryNnxyXxBTi4iCo4N
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-