General
Target: 612b7a607a8e.msi
Size: 8.5MB
Sample: 231108-w4sjlsee25
MD5: 5e5704e30401f1ba9906e382f6a7c684
SHA1: f3d67076e491ab59f33a06afcd00a42d9a344711
SHA256: 3d36c21c7f255ba1596da6e9a771b61d5120113376f519d13b336343362f2b4a
SHA512: a83c23efb0cc54a666a322a8d492c53ea9fc5a2de9b53dfadaab7d98724fcb53c93edbddb174f381e02e9cc47b0a4ba5bb217ce01069937c6e4bdd1a7dedd514
SSDEEP: 196608:xeS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9lqFM2CMhimhs4W:xdhVs6WXjX9HZ5AQX32WDuqRCMhif4W
Static task: static1
Behavioral task: behavioral1 (sample 612b7a607a8e.msi, resource win7-20231020-en)
Behavioral task: behavioral2 (sample 612b7a607a8e.msi, resource win10v2004-20231020-en)
Malware Config
Extracted: darkgate (PLEX)
C2: http://homeservicetreking.com
alternative_c2_port: 8080
anti_analysis: true
anti_debug: true
anti_vm: true
c2_port: 8443
check_disk: false
check_ram: true
check_xeon: true
crypter_au3: false
crypter_dll: false
crypter_rawstub: true
crypto_key: mnNxiNpBWVirQR
internal_mutex: txtMut
minimum_disk: 20
minimum_ram: 6024
ping_interval: 4
rootkit: true
startup_persistence: true
username: PLEX
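The extracted configuration is the part of this report a responder acts on: the C2 host and both C2 ports are the network indicators to block and hunt for, the mutex name is a host indicator, and the check_* / minimum_* fields say how an analysis VM has to be provisioned before the sample will run at all. The Python below is an added example, not code from the report or from the DarkGate family, that parses the key/value pairs exactly as listed above, derives those indicators, and evaluates the anti-analysis gates against a hypothetical host profile. The gate semantics it applies (minimum_ram in MB, minimum_disk in GB enforced only when check_disk is true, check_xeon matching "Xeon" in the CPU brand string, all gates active only when anti_analysis and anti_vm are both true) are assumptions made for illustration, not documented DarkGate behaviour; the HostProfile values are constructed.

```python
"""Parse the DarkGate config extracted above and evaluate its anti-analysis gates.

Added example, not part of the original report. CONFIG_TEXT is copied from the
report; the gate semantics below (units, comparison direction, which flags
enable which checks) are assumptions for illustration.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Key/value pairs as they appear in the extracted config (copied from the report).
CONFIG_TEXT = """\
alternative_c2_port 8080
anti_analysis true
anti_debug true
anti_vm true
c2_port 8443
check_disk false
check_ram true
check_xeon true
crypter_au3 false
crypter_dll false
crypter_rawstub true
crypto_key mnNxiNpBWVirQR
internal_mutex txtMut
minimum_disk 20
minimum_ram 6024
ping_interval 4
rootkit true
startup_persistence true
username PLEX
"""
C2_URL = "http://homeservicetreking.com"


def parse_config(text: str) -> dict:
    """Turn 'key value' lines into a dict, typing booleans and integers."""
    cfg = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, raw = line.partition(" ")
        raw = raw.strip()
        if raw.lower() in ("true", "false"):
            cfg[key] = raw.lower() == "true"
        elif raw.isdigit():
            cfg[key] = int(raw)
        else:
            cfg[key] = raw
    return cfg


def iocs(cfg: dict, c2_url: str) -> dict:
    """Indicators worth blocking/hunting: C2 host, both C2 ports, mutex name."""
    host = urlparse(c2_url).hostname
    ports = sorted({cfg["c2_port"], cfg["alternative_c2_port"]})
    return {"host": host, "ports": ports, "mutex": cfg["internal_mutex"]}


@dataclass
class HostProfile:
    """What the sample would observe on the analysis machine (constructed)."""
    ram_mb: int
    disk_gb: int
    cpu_brand: str


def tripped_gates(cfg: dict, host: HostProfile) -> list:
    """Names of config gates that would flag `host` as an analysis box.

    Assumption: check_* flags apply only when anti_analysis and anti_vm are
    both true; minimum_ram is MB, minimum_disk is GB, both inclusive bounds.
    """
    if not (cfg.get("anti_analysis") and cfg.get("anti_vm")):
        return []
    tripped = []
    if cfg.get("check_ram") and host.ram_mb < cfg["minimum_ram"]:
        tripped.append("check_ram")
    if cfg.get("check_disk") and host.disk_gb < cfg["minimum_disk"]:
        tripped.append("check_disk")
    if cfg.get("check_xeon") and "xeon" in host.cpu_brand.lower():
        tripped.append("check_xeon")
    return tripped


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(iocs(cfg, C2_URL))
    # A small sandbox VM on a Xeon host (constructed profile).
    print(tripped_gates(cfg, HostProfile(4096, 60, "Intel(R) Xeon(R) CPU E5-2680")))
    # Provisioned to pass this config: 8 GB RAM, desktop CPU string.
    print(tripped_gates(cfg, HostProfile(8192, 60, "Intel(R) Core(TM) i7-9700")))
```

Under these assumptions a 4 GB sandbox on a Xeon host trips check_ram and check_xeon, an 8 GB VM reporting a desktop CPU string passes, and disk size never matters for this sample because check_disk is false even though minimum_disk is set.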
Targets
Target: 612b7a607a8e.msi
Size: 8.5MB
MD5: 5e5704e30401f1ba9906e382f6a7c684
SHA1: f3d67076e491ab59f33a06afcd00a42d9a344711
SHA256: 3d36c21c7f255ba1596da6e9a771b61d5120113376f519d13b336343362f2b4a
SHA512: a83c23efb0cc54a666a322a8d492c53ea9fc5a2de9b53dfadaab7d98724fcb53c93edbddb174f381e02e9cc47b0a4ba5bb217ce01069937c6e4bdd1a7dedd514
SSDEEP: 196608:xeS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9lqFM2CMhimhs4W:xdhVs6WXjX9HZ5AQX32WDuqRCMhif4W
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
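The signatures above are correlation rules over process, file and image-load telemetry rather than single-event matches: "Executes dropped EXE" means a file the sample wrote was later run, and "Loads dropped DLL" means one was later mapped into a process. The Python below is an added example, not part of the report, that replays that correlation over a constructed sequence of Sysmon-style events (FileCreate ID 11, ProcessCreate ID 1, ImageLoad ID 7). The drop directory, process names and command lines are hypothetical; the icacls/cacls/takeown list used to flag "Modifies file permissions" is a heuristic chosen for this example. "Enumerates connected drives" is a raw file-system access that Sysmon does not record as its own event, so it is left out.

```python
"""Correlate 'dropped, then executed/loaded' behaviour from Sysmon-style events.

Added example, not part of the original report. Events, paths and process
names are constructed; field names follow Sysmon's FileCreate (ID 11),
ProcessCreate (ID 1) and ImageLoad (ID 7) events.
"""

# Heuristic: built-in tools whose launch implies an ACL/ownership change.
PERMISSION_TOOLS = {"icacls.exe", "cacls.exe", "takeown.exe"}

TMP = r"C:\Users\Public\AppData\Local\Temp\MW-1\files"   # hypothetical drop dir
MSIEXEC = r"C:\Windows\System32\msiexec.exe"

# Constructed event stream, in time order.
EVENTS = [
    {"EventID": 1, "ProcessId": 100, "Image": MSIEXEC,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"msiexec.exe /i C:\Users\Public\Downloads\612b7a607a8e.msi"},
    {"EventID": 11, "ProcessId": 100, "Image": MSIEXEC,
     "TargetFilename": TMP + r"\loader.exe"},
    {"EventID": 11, "ProcessId": 100, "Image": MSIEXEC,
     "TargetFilename": TMP + r"\helper.dll"},
    {"EventID": 1, "ProcessId": 200, "Image": TMP + r"\loader.exe",
     "ParentImage": MSIEXEC, "CommandLine": "loader.exe"},
    {"EventID": 7, "ProcessId": 200, "Image": TMP + r"\loader.exe",
     "ImageLoaded": TMP + r"\helper.dll"},
    {"EventID": 7, "ProcessId": 200, "Image": TMP + r"\loader.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},   # not dropped: no hit
    {"EventID": 1, "ProcessId": 300, "Image": r"C:\Windows\System32\icacls.exe",
     "ParentImage": TMP + r"\loader.exe",
     "CommandLine": r'icacls "C:\ProgramData\drop" /grant Everyone:F'},
]


def correlate(events):
    """Return (signature, evidence) pairs, replaying events in order.

    A path counts as 'dropped' once a FileCreate for it has been seen; later
    ProcessCreate/ImageLoad events referencing that path produce findings.
    Paths are compared case-insensitively because NTFS is.
    """
    dropped = set()
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            image = ev["Image"].lower()
            if image in dropped:
                findings.append(("Executes dropped EXE", ev["Image"]))
            if image.rsplit("\\", 1)[-1] in PERMISSION_TOOLS:
                findings.append(("Modifies file permissions", ev["CommandLine"]))
        elif eid == 7:
            loaded = ev["ImageLoaded"].lower()
            if loaded in dropped:
                findings.append(("Loads dropped DLL", ev["ImageLoaded"]))
    return findings


def signatures(events):
    """Distinct signature names fired by the stream, sorted for stable output."""
    return sorted({name for name, _ in correlate(events)})


if __name__ == "__main__":
    for name, evidence in correlate(EVENTS):
        print(f"{name}: {evidence}")
```

The order of events matters: the same loader.exe ProcessCreate seen without the preceding FileCreate is just a process start, which is why the rule keeps state across the stream instead of matching each event on its own.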