General
-
Target
GGGGGElicnse.js
-
Size
253KB
-
Sample
231103-xyh9esha4s
-
MD5
bb897b6af926de14bba7e9752318061a
-
SHA1
2dbd55f9cedb96553a18cb863e27b8d608cce40c
-
SHA256
ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f
-
SHA512
9c0e544f9748339b1c6e480468f8d8fde1601ba9c2bf9c17c1d5858f640dc197ebd2dc93a78f3cb525f7bc8887ba45eb678e2dbbd52a3f9dbd65ae543672d09b
-
SSDEEP
6144:de7hgXeerjqlI2Iro+W8Bne7hgXeerjqlI2Iro+8:dIhgSlI23J8pIhgSlI23V
Malware Config
Extracted
darkgate
user_871236672
http://showmoreresultonliner.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
DDfcMjFaEKfNOW
-
internal_mutex
txtMut
-
minimum_disk
60
-
minimum_ram
6000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
GGGGGElicnse.js
-
Size
253KB
-
MD5
bb897b6af926de14bba7e9752318061a
-
SHA1
2dbd55f9cedb96553a18cb863e27b8d608cce40c
-
SHA256
ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f
-
SHA512
9c0e544f9748339b1c6e480468f8d8fde1601ba9c2bf9c17c1d5858f640dc197ebd2dc93a78f3cb525f7bc8887ba45eb678e2dbbd52a3f9dbd65ae543672d09b
-
SSDEEP
6144:de7hgXeerjqlI2Iro+W8Bne7hgXeerjqlI2Iro+8:dIhgSlI23J8pIhgSlI23V
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-