General
Target: ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f.zip
Size: 66KB
Sample: 231105-l252tagb44
MD5: 6336f35521150d0f3b3d982ae7beb6af
SHA1: 028b964f56e86f6371822c30d3c500a56e159a96
SHA256: dffb4245c1dd2429343a189120bc4f1a601dd5b3012bc66a67d17dd85a5efa62
SHA512: ba2b26fd54b9c0e062fa95202f3fc3b6bf148c5b38614bbd1949daa541a8f538fde453b4325e626b57cce2dc32d61129c636e002d911f01043cef1839373c66d
SSDEEP: 1536:AI+h+HWox99CPch2Fc4bp0jzfVJWXXMsJxJs5LgEVhk5jt:ACx4FpbYzfVSdsZgEVOjt
Static task: static1
Behavioral task: behavioral1
Sample: ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f.js
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f.js
Resource: win10v2004-20231023-en
Malware Config
Extracted
darkgate
user_871236672
http://showmoreresultonliner.com
alternative_c2_port: 8080
anti_analysis: true
anti_debug: true
anti_vm: true
c2_port: 2351
check_disk: true
check_ram: true
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_rawstub: true
crypto_key: DDfcMjFaEKfNOW
internal_mutex: txtMut
minimum_disk: 60
minimum_ram: 6000
ping_interval: 4
rootkit: true
startup_persistence: true
username: user_871236672
Targets
Target: ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f.js
Size: 253KB
MD5: bb897b6af926de14bba7e9752318061a
SHA1: 2dbd55f9cedb96553a18cb863e27b8d608cce40c
SHA256: ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f
SHA512: 9c0e544f9748339b1c6e480468f8d8fde1601ba9c2bf9c17c1d5858f640dc197ebd2dc93a78f3cb525f7bc8887ba45eb678e2dbbd52a3f9dbd65ae543672d09b
SSDEEP: 6144:de7hgXeerjqlI2Iro+W8Bne7hgXeerjqlI2Iro+8:dIhgSlI23J8pIhgSlI23V
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE