General
Target: NEAS.21d51086d7aa99d7d96a5e9aa196da720fcf526fbe2421972e1c3555bb84fc8cjs_JC.js
Size: 135KB
Sample: 231026-wtp1qsfd76
MD5: a509ba7ed20b627448a220c2924d3a07
SHA1: 4b2cc002217a95e42fa0d7b49ef5688ca186e74f
SHA256: 21d51086d7aa99d7d96a5e9aa196da720fcf526fbe2421972e1c3555bb84fc8c
SHA512: 9bfb1c14168d4ed73a6bd01eee819939676c412c0e3729d455b3f63df1eefa7607ddc5074ac69123b17660d2264343dd8afed089f123b6cf41c742bd681ec544
SSDEEP: 1536:BZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0m:0T9U7hgaX6eerjqlI2IO6MzqfJAl
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.21d51086d7aa99d7d96a5e9aa196da720fcf526fbe2421972e1c3555bb84fc8cjs_JC.js
Resource: win7-20231023-en
Malware Config
Extracted
darkgate
ADS5
http://sftp.bitepieces.com
alternative_c2_port: 8080
anti_analysis: true
anti_debug: true
anti_vm: true
c2_port: 443
check_disk: true
check_ram: true
check_xeon: true
crypter_au3: false
crypter_dll: false
crypter_rawstub: true
crypto_key: ibUsJJzrDXJckq
internal_mutex: txtMut
minimum_disk: 40
minimum_ram: 7000
ping_interval: 4
rootkit: true
startup_persistence: true
username: ADS5
Targets
Target
NEAS.21d51086d7aa99d7d96a5e9aa196da720fcf526fbe2421972e1c3555bb84fc8cjs_JC.js
Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE