General
-
Target
2a2cfd61d4ebc2f4956e9a56815b7c0f.bin
-
Size
8.2MB
-
Sample
231103-bmnh4shh4y
-
MD5
9cbe212e1b1a3be241b68304e4bd85a6
-
SHA1
abac6e2b40fbb5f75e8de86554e5165edd84cabd
-
SHA256
9a04642537126dfbe384c18c082b04b705e08d1a0b167a7e2dd6c18f02d38054
-
SHA512
fe264ca37144ba3a02e5f6c3f820b774f85ce9fde3c45508355546cb8f36a3e21c8c22be6ce94adbc7926ee657f42d85db20cc2ea329874fc1564ba5d093627d
-
SSDEEP
196608:7ncoogZoPs25Hu8r9onHcadY9L+J2ilqVLgInvXRP9H6vAKsMyL:poPs25OHnHg9L+JVklnvXRVVKRyL
Malware Config
Extracted
darkgate
ADS5
http://sftp.noheroway.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
443
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
ATXtlWVDuHaLOk
-
internal_mutex
txtMut
-
minimum_disk
40
-
minimum_ram
6000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
ADS5
Targets
-
-
Target
3a67f1634416de1483327e8cfe38c456f6891512433f5128df07444e44b886cd.msi
-
Size
8.3MB
-
MD5
2a2cfd61d4ebc2f4956e9a56815b7c0f
-
SHA1
47718e8df5e7a0d0b2c74f10696ca50cf6e1e0b9
-
SHA256
3a67f1634416de1483327e8cfe38c456f6891512433f5128df07444e44b886cd
-
SHA512
96989896a5eb3dc99d602cad4bfa4ced65ac04a1fd5e79c8c09a70e3a5ce6bcd8eb686ab96f55191a2e5712c23f543ac5f29ab11e773238c27c76905cd4cdb22
-
SSDEEP
196608:ikdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe317I:pdAirAzqVAnTPMgd+0ogHnF317I
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-