General
-
Target
07112023_2240_5f475d11b0914f11.zip
-
Size
65KB
-
Sample
231107-r15ybabf79
-
MD5
5607f5e86d635b60454c01d657841a25
-
SHA1
a91c6a0320551730f63ab562114f67d67db4edac
-
SHA256
27ad82073f21316b59443e53a8f76ded797fadff3e1ef74c968dd84914671778
-
SHA512
a7742cc60012fdf5f6f9fceb57a557f6669f5ae09c2ef93091f63412f463f43180cb1a67de52e55521cb82dc47f58aa2c4ee8a8a28535d59ae6c28fad9b89da9
-
SSDEEP
1536:45KlTQWldBtVfL45jooUF/gNV2UYnuAlkmWL:UmTQ0BtcFNV2ll5WL
Malware Config
Extracted
darkgate
user_871236672
http://8sjimonstersboonkonline.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
false
-
check_ram
true
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
hxFtopOWuHrZAv
-
internal_mutex
txtMut
-
minimum_disk
41
-
minimum_ram
6002
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
5f475d11b0914f11.js
-
Size
254KB
-
MD5
40e1292e9b1fe1a88b32b99e3ca9f72f
-
SHA1
5a0403673919d994412f4635998e8f8a3ac315a8
-
SHA256
00f25f4e27938650e42747fc5b85d87e040d8c79db82c72ccf05ca03c8d32771
-
SHA512
3ed3109bd47fe056f01a5c6cb912addf2a90e9e55e1c412d3641d42335f80058594e2294b5c4cb6fd6d728add7a03115807595c87a4ff32149e93624dbad8e67
-
SSDEEP
6144:Ne7hgXeerjqlI2Iro+qg3e7hgXeerjqlI2Iro+8:NIhgSlI23tKIhgSlI23V
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-