General
-
Target
04112023_0107_TQFWEDZVXCG21sad.zip
-
Size
65KB
-
Sample
231103-vmzqxsfc6z
-
MD5
7813e30c13d323d1f4894abb3787446e
-
SHA1
9b60a9bffba92788470076bca526a08b81df81a5
-
SHA256
2c1b2f7afd549e86457ad80a8800194d11ef2a98a185dc73d4241237e7cc06ed
-
SHA512
2bf911cd6fe1344835eb66755e943c8cd216da326e3f9b6a2ce19d0831ad959c568f80203ab17178b24e66d6030f057e92197fbbbad7cbeb812fcfa0c64f824f
-
SSDEEP
1536:i1IPy0uTuQ1x5MtMM3FmxeM43nW3L2+5vmr8MG/4E8BvmGmqR:Zy0uTL5MtM4DiL2+5vmxmGmc
Malware Config
Extracted
darkgate
user_871236672
http://showmoreresultonliner.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
mhbwgOFHfMQsfd
-
internal_mutex
txtMut
-
minimum_disk
50
-
minimum_ram
6000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
TQFWEDZVXCG21sad.js
-
Size
253KB
-
MD5
cb92b8b30ac17b4fcef7da73ec9cf1c8
-
SHA1
0974484ff5636d2a5f1157143dabe847f0e149f7
-
SHA256
97f40a1f53f41c5c119d2a95f45a7a02a7decbe19c540884f12aca4f485e0882
-
SHA512
6904965167da98fb9cfa3df434a2ec17e93130508700bcf516bb892740de573d11770b629b5a5adc3c5d83b67831f31194603614c324b8e7a8d4e0f90f2413f3
-
SSDEEP
6144:6e7hgXeerjqlI2Iro+2Re7hgXeerjqlI2Iro+8:6IhgSlI23rRIhgSlI23V
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-