General
-
Target
5f475d11b0914f11.js
-
Size
254KB
-
Sample
231107-tvsf5sbf5s
-
MD5
40e1292e9b1fe1a88b32b99e3ca9f72f
-
SHA1
5a0403673919d994412f4635998e8f8a3ac315a8
-
SHA256
00f25f4e27938650e42747fc5b85d87e040d8c79db82c72ccf05ca03c8d32771
-
SHA512
3ed3109bd47fe056f01a5c6cb912addf2a90e9e55e1c412d3641d42335f80058594e2294b5c4cb6fd6d728add7a03115807595c87a4ff32149e93624dbad8e67
-
SSDEEP
6144:Ne7hgXeerjqlI2Iro+qg3e7hgXeerjqlI2Iro+8:NIhgSlI23tKIhgSlI23V
Malware Config
Extracted
darkgate
user_871236672
http://8sjimonstersboonkonline.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
false
-
check_ram
true
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
hxFtopOWuHrZAv
-
internal_mutex
txtMut
-
minimum_disk
41
-
minimum_ram
6002
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
5f475d11b0914f11.js
-
Size
254KB
-
MD5
40e1292e9b1fe1a88b32b99e3ca9f72f
-
SHA1
5a0403673919d994412f4635998e8f8a3ac315a8
-
SHA256
00f25f4e27938650e42747fc5b85d87e040d8c79db82c72ccf05ca03c8d32771
-
SHA512
3ed3109bd47fe056f01a5c6cb912addf2a90e9e55e1c412d3641d42335f80058594e2294b5c4cb6fd6d728add7a03115807595c87a4ff32149e93624dbad8e67
-
SSDEEP
6144:Ne7hgXeerjqlI2Iro+qg3e7hgXeerjqlI2Iro+8:NIhgSlI23tKIhgSlI23V
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-