General
Target: 08112023_0856_55610dd00539.zip
Size: 65KB
Sample: 231108-bag6kaba8w
MD5: 823c2c36d366fe0e29d135d99f7b428f
SHA1: 8cb3a87592e05355101ae8dda900b38fdc975428
SHA256: 7515593dc715921093ee22ca732848867719e8bf3a42ebeab02ffee0442dbce0
SHA512: d08af8b5a66ec49ec725df6c0c1773e569cc28762c2f1e94b59c9044ba19e2cfabcf071d0107d7a4a01708bb53f60ef0d75b965ed09367fac46172f4d9e8d640
SSDEEP: 1536:eIhw5NV6EGYXQYnNAr56IdobO5AhCKDocR:e24GmA6o5DKkY
Static task: static1
Behavioral task: behavioral1
Sample: 55610dd00539.js
Resource: win7-20231023-en
Malware Config
Extracted
darkgate
PLEX
http://adfincolniclo.com
alternative_c2_port: 8080
anti_analysis: true
anti_debug: true
anti_vm: true
c2_port: 8443
check_disk: false
check_ram: true
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_rawstub: true
crypto_key: XlGcWKEQCWdmzP
internal_mutex: txtMut
minimum_disk: 18
minimum_ram: 6005
ping_interval: 4
rootkit: true
startup_persistence: true
username: PLEX
Targets
Target: 55610dd00539.js
Size: 253KB
MD5: aeb8f1c6c921fbdde0e82cc6c16d911a
SHA1: 7f04a7b709a9061dfbea8c0006b116e7639b04ca
SHA256: 26421886a7d4d780f365d6531d6c945211a5a9d180ea1eda9cafdb8571323d62
SHA512: e1e441c59c482fe04bf4574d4c473d24a9003c2f57aac7464407827efc461a9b1b7ab11c0045e7a0cd54df7c63e8cfa40debc54e300164f558b85790b7938ad8
SSDEEP: 6144:ae7hgXeerjqlI2Iro+4e7hgXeerjqlI2Iro+8:aIhgSlI23NIhgSlI23V

Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE