General
Target: advance.js
Size: 135KB
Sample: 231027-s4nc4sfd5v
MD5: 8169317a5e6490aadd707cefe626a58e
SHA1: 5e1b3fb8ab4faa121fdc203cbc51e7472cbbf1b0
SHA256: 0935ffbd6eb40f99494f748a513ac8272239d529c4b3930f07cdef620145d19d
SHA512: 246420d3e7356473ced3aa57d6758162ed0eaa3d9343e1529044291e3c5f07c1e0d279546dcacef82acb95c66455a988f8efed9bd1d5775a8a60a48fc7b2016b
SSDEEP: 1536:BZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/05:0T9U7hgaX6eerjqlI2IO6Mzqfh
Static task: static1
Behavioral task: behavioral1 (sample: advance.js, resource: win7-20231023-en)
Behavioral task: behavioral2 (sample: advance.js, resource: win10v2004-20231023-en)
Malware Config
Extracted
darkgate
user_871236672
http://profitcentronline.com
alternative_c2_port: 8080
anti_analysis: true
anti_debug: true
anti_vm: true
c2_port: 2351
check_disk: true
check_ram: true
check_xeon: true
crypter_au3: false
crypter_dll: false
crypter_rawstub: true
crypto_key: eirBKBYGAueQeS
internal_mutex: txtMut
minimum_disk: 40
minimum_ram: 6000
ping_interval: 4
rootkit: true
startup_persistence: true
username: user_871236672
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE