General
-
Target
02112023_0238_gentle.js
-
Size
135KB
-
Sample
231101-xakgksde46
-
MD5
77ee5081c5c481378ed54009f53173c6
-
SHA1
d70867e9e78247eebd54f54516ac8a046368d3f2
-
SHA256
c953d07e2917511b5d9111da517ae28c3f4f07e84c1cfde09e1e69bb60299b0e
-
SHA512
697421ef3ccdd66e1c94a2c388da6ee68e9d501ee841d2eb53254b4784715475057d2b05740e760cb6bdcfead10174101db9e5569f3cb44db5525d5291cbb9b0
-
SSDEEP
1536:hZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0c:UT9U7hgaX6eerjqlI2IO6Mzqfpu
Static task
static1
Behavioral task
behavioral1
Sample
02112023_0238_gentle.js
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
02112023_0238_gentle.js
Resource
win10v2004-20231023-en
Malware Config
Extracted
darkgate
user_871236672
http://shsukadadyuikmmonk.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
WccksaEfoXLLtV
-
internal_mutex
txtMut
-
minimum_disk
50
-
minimum_ram
6001
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
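Two things a practitioner wants from an extracted config like the one above: whether their own analysis VM clears the sample's anti-analysis thresholds, and a set of network indicators to sweep logs with. The script below is an added example (it is not part of the sandbox report and is not DarkGate's own code) that does both from the values listed. It assumes, because the report gives no units, that minimum_ram is compared against total RAM in MB and minimum_disk against total disk size in GB, and that check_xeon rejects hosts whose CPU model string contains "Xeon". The log lines and destination addresses are constructed for the example.

```python
"""
Added example, not part of the sandbox report or of DarkGate's own code:
(1) decide whether an analysis VM would pass the sample's anti-analysis
thresholds and (2) derive network indicators from the config and match
them against constructed log lines.
"""
import re
from urllib.parse import urlparse

# Values copied from the "Malware Config" section of the report.
DARKGATE_CONFIG = {
    "c2": "http://shsukadadyuikmmonk.com",
    "c2_port": 2351,
    "alternative_c2_port": 8080,
    "anti_vm": True,
    "check_disk": True,
    "check_ram": True,
    "check_xeon": True,
    "minimum_disk": 50,   # assumption: GB (the report states no unit)
    "minimum_ram": 6001,  # assumption: MB (the report states no unit)
}


def vm_passes_anti_analysis(cfg, ram_mb, disk_gb, cpu_name):
    """Return (passes, reasons). A sandbox below either threshold, or one
    with a Xeon CPU, should be expected to get no payload from this sample."""
    reasons = []
    if not cfg["anti_vm"]:
        return True, reasons
    if cfg["check_ram"] and ram_mb < cfg["minimum_ram"]:
        reasons.append(f"RAM {ram_mb} MB is below minimum_ram {cfg['minimum_ram']}")
    if cfg["check_disk"] and disk_gb < cfg["minimum_disk"]:
        reasons.append(f"disk {disk_gb} GB is below minimum_disk {cfg['minimum_disk']}")
    if cfg["check_xeon"] and "xeon" in cpu_name.lower():
        reasons.append(f"CPU model '{cpu_name}' contains 'Xeon'")
    return not reasons, reasons


def network_indicators(cfg):
    """C2 hostname plus the primary and alternative ports."""
    host = urlparse(cfg["c2"]).hostname
    return host, {cfg["c2_port"], cfg["alternative_c2_port"]}


# Constructed log lines for the example. The destination IPs are
# documentation addresses, not the real resolution of the C2 domain.
LOG_LINES = [
    "2023-11-01T02:40:11Z dns client=10.0.0.15 qname=shsukadadyuikmmonk.com qtype=A",
    "2023-11-01T02:40:12Z fw allow src=10.0.0.15:51234 dst=203.0.113.10:2351 proto=tcp",
    "2023-11-01T02:41:03Z proxy client=10.0.0.22 url=http://www.example.com/ status=200",
    "2023-11-01T02:41:30Z fw allow src=10.0.0.22:51300 dst=198.51.100.7:8080 proto=tcp",
]

_DST_PORT = re.compile(r"\bdst=\S+:(\d+)\b")


def find_c2_hits(cfg, lines):
    """Return [(line_number, reason)] for lines that match the config.

    The hostname is a strong indicator on its own. Of the two ports only
    c2_port (2351) is rare enough to alert on by itself; the alternative
    port (8080) is far too common and is not reported without the hostname.
    """
    host, ports = network_indicators(cfg)
    noisy_ports = {cfg["alternative_c2_port"]}
    hits = []
    for n, line in enumerate(lines, 1):
        m = _DST_PORT.search(line)
        port = int(m.group(1)) if m else None
        if host in line:
            hits.append((n, f"C2 hostname {host}"))
        elif port in ports - noisy_ports:
            hits.append((n, f"connection to c2_port {port}"))
    return hits


if __name__ == "__main__":
    ok, why = vm_passes_anti_analysis(DARKGATE_CONFIG, 4096, 40, "Intel(R) Xeon(R) CPU E5-2680")
    print("analysis VM passes:", ok, why)
    for n, reason in find_c2_hits(DARKGATE_CONFIG, LOG_LINES):
        print(f"line {n}: {reason}")
```

The threshold comparison is deliberately `<`, so a VM with exactly 6001 MB of RAM and a 50 GB disk passes; when sizing a sandbox for this family, give it comfortably more than the thresholds and a non-Xeon CPU model string.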
Targets
-
-
Target
02112023_0238_gentle.js
-
Size
135KB
-
MD5
77ee5081c5c481378ed54009f53173c6
-
SHA1
d70867e9e78247eebd54f54516ac8a046368d3f2
-
SHA256
c953d07e2917511b5d9111da517ae28c3f4f07e84c1cfde09e1e69bb60299b0e
-
SHA512
697421ef3ccdd66e1c94a2c388da6ee68e9d501ee841d2eb53254b4784715475057d2b05740e760cb6bdcfead10174101db9e5569f3cb44db5525d5291cbb9b0
-
SSDEEP
1536:hZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0c:UT9U7hgaX6eerjqlI2IO6Mzqfpu
Score 10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
-
Executes dropped EXE
-
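The four signatures above are a chain that a script dropper typically produces in order: the script host reads the locale, contacts the C2, writes a PE to disk and launches it. The following is an added example (not part of the sandbox report) that re-implements those signatures as a correlation over process telemetry, so the same logic can be run against EDR or Sysmon-style events rather than only read off a sandbox score. The event stream is constructed; it assumes the .js runs under wscript.exe, and the dropped file name, paths and the registry key queried (HKCU\Control Panel\International\Geo\Nation) are illustrative assumptions, not artefacts taken from the report.

```python
"""
Added example, not part of the sandbox report: the four behavioural
signatures in the report, expressed as a correlation over a constructed
stream of process events.
"""
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed events modelled on a JS dropper. The dropped file name, the
# user paths and the registry key are assumptions made for the example.
EVENTS = [
    {"t": 1, "type": "process_create", "pid": 100, "ppid": 50,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\user\Downloads\02112023_0238_gentle.js"'},
    {"t": 2, "type": "registry_query", "pid": 100,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"t": 3, "type": "network_connect", "pid": 100,
     "dst": "shsukadadyuikmmonk.com", "port": 2351},
    {"t": 4, "type": "file_write", "pid": 100,
     "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe", "header": b"MZ\x90\x00"},
    {"t": 5, "type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe", "cmdline": "stage2.exe"},
]

# Constructed benign trace: a script host that only writes a text file.
BENIGN_EVENTS = [
    {"t": 1, "type": "process_create", "pid": 300, "ppid": 50,
     "image": r"C:\Windows\System32\cscript.exe", "cmdline": "cscript.exe logon.vbs"},
    {"t": 2, "type": "file_write", "pid": 300,
     "path": r"C:\Users\user\logon.txt", "header": b"logon ok"},
]


def _image_name(path):
    return ntpath.basename(path).lower()


def script_host_pids(events):
    """PIDs of processes whose image is a Windows script host."""
    return {e["pid"] for e in events
            if e["type"] == "process_create" and _image_name(e["image"]) in SCRIPT_HOSTS}


def run_signatures(events):
    """Evaluate the four signatures; returns {signature_name: [evidence, ...]}
    containing only the signatures that fired."""
    hosts = script_host_pids(events)
    hits = {
        "Blocklisted process makes network request": [],
        "Downloads MZ/PE file": [],
        "Checks computer location settings": [],
        "Executes dropped EXE": [],
    }
    networked = set()   # pids that made a network connection earlier in the trace
    dropped_pe = {}     # lower-cased path -> writing pid, for files starting with MZ
    for e in sorted(events, key=lambda ev: ev["t"]):
        pid, kind = e["pid"], e["type"]
        if kind == "network_connect" and pid in hosts:
            networked.add(pid)
            hits["Blocklisted process makes network request"].append(
                f"pid {pid} -> {e['dst']}:{e['port']}")
        elif kind == "file_write" and e["header"].startswith(b"MZ"):
            dropped_pe[e["path"].lower()] = pid
            # "Downloads" = a PE written by a process that already talked to the network.
            if pid in networked:
                hits["Downloads MZ/PE file"].append(f"pid {pid} wrote {e['path']}")
        elif kind == "registry_query" and pid in hosts \
                and "\\control panel\\international\\" in e["key"].lower():
            hits["Checks computer location settings"].append(f"pid {pid} read {e['key']}")
        elif kind == "process_create" and e["image"].lower() in dropped_pe:
            hits["Executes dropped EXE"].append(
                f"pid {pid} ran {e['image']} (dropped by pid {dropped_pe[e['image'].lower()]})")
    return {name: evidence for name, evidence in hits.items() if evidence}


if __name__ == "__main__":
    for name, evidence in run_signatures(EVENTS).items():
        print(f"{name}: {evidence}")
    print("benign trace:", run_signatures(BENIGN_EVENTS))
```

Ordering matters: the PE write only counts as a download if the same process has already made a network connection, and a process start only counts as "executes dropped EXE" if its image path was written earlier in the same trace. Both conditions keep the logic from firing on an ordinary script that writes a text file, as the benign trace shows.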