General
Target: stopdoingthis.zip
Size: 7.5MB
Sample: 231026-t8j2xseg85
MD5: 3426ce4d0d4db90e01271b64c391a152
SHA1: 2af57aaea528ec182121933a5ebae73fce831a99
SHA256: 0646448bea61e9d5ac23298a57dcae0d0e1a558e52bb66afcd7668ed0dfe348f
SHA512: 7f5a4fb97053a00a404c335609abf20cf2ed18917c391a332dd3c89bdfd93b05e6b7225fcc398896984493f72eb0fcc7ff1060ed6a736166ffc4e17f53b94957
SSDEEP: 98304:a4XiEdcM+DW0g2dRRCk7JqgWIY2NGPlJIdpnBmQV1ikKXFdGlo/uic6Xr/ffGy5n:HrT6W0gIPF7AZiJ1tKzz/Jca2IS4YZy
Static task: static1
Behavioral task: behavioral1
Sample: stopdoingthis.msi
Resource: win10v2004-20231020-en
Malware Config
Extracted
darkgate
user_871236672
http://onlineserviceboonkers.com
alternative_c2_port: 8080
anti_analysis: true
anti_debug: true
anti_vm: true
c2_port: 2351
check_disk: true
check_ram: true
check_xeon: true
crypter_au3: false
crypter_dll: false
crypter_rawstub: true
crypto_key: yBhTbTZsxrLjqz
internal_mutex: txtMut
minimum_disk: 35
minimum_ram: 6000
ping_interval: 4
rootkit: true
startup_persistence: true
username: user_871236672
Targets
Target: stopdoingthis.msi
Size: 7.7MB
MD5: 599423697dafc91edf9cc90aba306646
SHA1: a6f3060af91d9bbea8e72a23b5f92896edf4c3a9
SHA256: 12f5d9383518e88b0b7b857b946d33de8c9a075b1b348a7df83ae983c5fefeaa
SHA512: 862f6452f8bb0108d8b5535a5bdd35e0c452c0993fa0d6ec5b6f9d059c2711fe4748e25ab201a16bace528c81abd4fb21e60e384eb123185dda19d5bb2af4a80
SSDEEP: 98304:TpFKjsEZcgsdUqakFRFawTV82ASqQBW9vpWzxjFycvniqy33XglSB2CiU39hItDb:61NsUqai/pTOryNnxyXxBTiWKmbSQMR
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.