General
-
Target
377d8d910f7d6747727ca413967d6395.bin
-
Size
7.5MB
-
Sample
231027-btl9mace54
-
MD5
fa6117d1707979479faf92b92bb07ff3
-
SHA1
d072c8a0b62fb4ffbd534231f1f17dd8ec51b897
-
SHA256
a49d0f1fd53dcab208ab3aea72a71e7a54377b12a738f842224be78d18cc5cfd
-
SHA512
da452b8c936ce107ceeec5d4a8c17afd1322eaf5d2f8ecb5727ec43d9bfec0c771a01d418b8b3b8880a30ae8efcc85b08db713782ba0b0192d75d6a5830d917e
-
SSDEEP
196608:Ba3e+FaQ4DIB9JapxXBLRWuUrBeZ7M8OYQgKJX2xa+4uHW/4jJ/pMrw:Oe+KK9JuRwBrsFMhXgKJGxhRjVpMc
Malware Config
Extracted
darkgate
user_871236672
http://taochinashowwers.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
nOuJEtbQBOlJBY
-
internal_mutex
txtMut
-
minimum_disk
40
-
minimum_ram
7000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
68952e8c311d1573b62d02c60a189e8c248530d4584eef1c7f0ff5ee20d730ab.msi
-
Size
7.6MB
-
MD5
377d8d910f7d6747727ca413967d6395
-
SHA1
36aa20471f41b5814e3c1436cd0de3396267a623
-
SHA256
68952e8c311d1573b62d02c60a189e8c248530d4584eef1c7f0ff5ee20d730ab
-
SHA512
15a43cc07fc4b0deb267f8b243e0b23eee8a63d1178b1a23b8cfcfe52fa8a7ebd04a8b588ca19adabfc8ea198166350f3b78765fd1736ca844fd83e93b306c98
-
SSDEEP
98304:kpMKjsEZcgsdUqakFRFawTV82ASqQBW9vpWzxjFycvniqy33XglSB2CiU39XdiC9:M1NsUqai/pTOryNnxyXxBTi4iCo4N
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-