General
Target: a509ba7ed20b627448a220c2924d3a07.bin
Size: 34KB
Sample: 231027-crb7babd6v
MD5: f4168b7d2231e2af31fcccde4c743785
SHA1: 5a4cac566b3603896ef7229895e7b516caae0473
SHA256: fec89bc473f4719f3dbe08bd92f4ee75dc9ec279032a94860d01edd5370dcf6c
SHA512: c6af62761df05612b2bc6d8a4b9f36e6e2e72f138a30fc5a8fe2237cd4535195ef63c8df09710e88ad0a10a95c9abd30f66e681d2f76740b05fcac8a202bb81f
SSDEEP: 768:2iNJ0yB11//1QKngTORLwXx7Cd1m5NwXxgWmP5gVvuXmgiqVf:2sj1VhgTUSWdcy+5Nmbuf
Note: the submitted .bin is named after the MD5 of the 135KB .js target listed under Targets below; the hashes in this block are the submitted file's, not the .js's.
Static task: static1
Behavioral task: behavioral1
Sample: 21d51086d7aa99d7d96a5e9aa196da720fcf526fbe2421972e1c3555bb84fc8c.js
Resource: win7-20231023-en
Malware Config
Extracted: darkgate
ADS5
C2: http://sftp.bitepieces.com (the scheme says http, but the configured ports are c2_port 443 and alternative_c2_port 8080; block on the configured ports, not the scheme default)
alternative_c2_port: 8080
anti_analysis: true
anti_debug: true
anti_vm: true
c2_port: 443
check_disk: true
check_ram: true
check_xeon: true
crypter_au3: false
crypter_dll: false
crypter_rawstub: true
crypto_key: ibUsJJzrDXJckq
internal_mutex: txtMut
minimum_disk: 40
minimum_ram: 7000
ping_interval: 4
rootkit: true
startup_persistence: true
username: ADS5
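The anti-VM thresholds above only become useful once they are turned into something actionable: a blocklist for the C2 and a minimum spec for a detonation VM that will actually get the sample to run. The Python below is an added example, not Triage or DarkGate code. It parses the flattened key/value dump in exactly the form the report exports it (an excerpt of the config above is embedded as constructed input), builds host:port pairs from the C2 URL and the two configured ports, and reports which anti-VM gates a given host profile would trip. The units for minimum_disk (GB) and minimum_ram (MB), and the Xeon check being a substring match on the CPU brand string, are assumptions; the report does not state them.

```python
from urllib.parse import urlparse

# Constructed input: an excerpt of the extracted DarkGate config, in the exact
# flattened form the report uses (key line, value line, "-" separator).
RAW_CONFIG = """\
alternative_c2_port
8080
-
anti_vm
true
-
c2_port
443
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
internal_mutex
txtMut
-
minimum_disk
40
-
minimum_ram
7000
-
username
ADS5
"""
C2_URL = "http://sftp.bitepieces.com"  # taken from the report


def parse_flat_config(text):
    """Pair alternating key/value lines, skipping blank and '-' separator
    lines. 'true'/'false' become bools, digit-only values become ints."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    if len(lines) % 2:
        raise ValueError("unpaired key/value line in config dump")
    cfg = {}
    for key, val in zip(lines[0::2], lines[1::2]):
        if val.lower() in ("true", "false"):
            cfg[key] = val.lower() == "true"
        elif val.isdigit():
            cfg[key] = int(val)
        else:
            cfg[key] = val
    return cfg


def c2_endpoints(cfg, c2_url):
    """(host, port) pairs to block. The configured ports win over the URL
    scheme's default: the scheme says http, but c2_port is 443."""
    host = urlparse(c2_url).hostname
    ports = [cfg[k] for k in ("c2_port", "alternative_c2_port") if k in cfg]
    return [(host, port) for port in ports]


def failed_gates(cfg, host):
    """Return the anti-VM gates a host profile trips, each as a short reason.
    host keys: disk_gb, ram_mb, cpu_name. Assumptions (not stated in the
    report): minimum_disk is GB, minimum_ram is MB, and check_xeon is a
    substring match on the CPU brand string."""
    failed = []
    if cfg.get("check_disk") and host["disk_gb"] < cfg["minimum_disk"]:
        failed.append(f"disk {host['disk_gb']}GB < {cfg['minimum_disk']}GB")
    if cfg.get("check_ram") and host["ram_mb"] < cfg["minimum_ram"]:
        failed.append(f"ram {host['ram_mb']}MB < {cfg['minimum_ram']}MB")
    if cfg.get("check_xeon") and "xeon" in host["cpu_name"].lower():
        failed.append("xeon cpu")
    return failed


# Constructed host profiles: a small sandbox VM and a typical workstation.
SANDBOX_VM = {"disk_gb": 32, "ram_mb": 4096,
              "cpu_name": "Intel(R) Xeon(R) CPU E5-2680 v4"}
WORKSTATION = {"disk_gb": 512, "ram_mb": 16384,
               "cpu_name": "Intel(R) Core(TM) i7-1185G7"}

if __name__ == "__main__":
    cfg = parse_flat_config(RAW_CONFIG)
    print("block:", c2_endpoints(cfg, C2_URL))
    print("mutex IOC:", cfg["internal_mutex"])
    print("sandbox trips:", failed_gates(cfg, SANDBOX_VM))
    print("workstation trips:", failed_gates(cfg, WORKSTATION))
```

With this config a 32GB/4GB Xeon-backed sandbox trips all three gates and the sample would not detonate, while a 512GB/16GB desktop-class profile passes; size detonation VMs accordingly before re-running the behavioral task.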
Targets
Target: 21d51086d7aa99d7d96a5e9aa196da720fcf526fbe2421972e1c3555bb84fc8c.js
Size: 135KB
MD5: a509ba7ed20b627448a220c2924d3a07
SHA1: 4b2cc002217a95e42fa0d7b49ef5688ca186e74f
SHA256: 21d51086d7aa99d7d96a5e9aa196da720fcf526fbe2421972e1c3555bb84fc8c
SHA512: 9bfb1c14168d4ed73a6bd01eee819939676c412c0e3729d455b3f63df1eefa7607ddc5074ac69123b17660d2264343dd8afed089f123b6cf41c742bd681ec544
SSDEEP: 1536:BZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0m:0T9U7hgaX6eerjqlI2IO6MzqfJAl
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE