General
- Target: 09112023_2337_startapp(ffb8a7da0da).msi
- Size: 8.5MB
- Sample: 231109-s2wxgabe29
- MD5: 30f609163975bb23ef270cd28d9bd860
- SHA1: 95eb2a472e40ee3462a42941dcbe7696f540bc9f
- SHA256: 4d956c9cba8b729edaf55cfda42a2540555e4ab8dcfb8492882ecfac6bb270f8
- SHA512: 73d2be8caa12a6dec524a16d5b3f018dab8bf883c1b7d2fb659b635a93ff349fddcb566b51aa60c8837d843fbea2a0850594711a5eccbc10bcc0fb1cbe92867b
- SSDEEP: 196608:9eS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9cpdWVgu1hf:9dhVs6WXjX9HZ5AQX32WDhIVguff
Static task
- static1
Behavioral task
- behavioral1
- Sample: 09112023_2337_startapp(ffb8a7da0da).msi
- Resource: win7-20231023-en
Malware Config
Extracted
- darkgate
- ADS5
- http://siliconerumble.com
- alternative_c2_port: 8080
- anti_analysis: true
- anti_debug: true
- anti_vm: true
- c2_port: 443
- check_disk: false
- check_ram: true
- check_xeon: true
- crypter_au3: false
- crypter_dll: false
- crypter_rawstub: true
- crypto_key: IVGEhYkpeLqmJU
- internal_mutex: txtMut
- minimum_disk: 32
- minimum_ram: 6005
- ping_interval: 4
- rootkit: true
- startup_persistence: true
- username: ADS5
Targets
- Target: 09112023_2337_startapp(ffb8a7da0da).msi
- Size: 8.5MB
- MD5: 30f609163975bb23ef270cd28d9bd860
- SHA1: 95eb2a472e40ee3462a42941dcbe7696f540bc9f
- SHA256: 4d956c9cba8b729edaf55cfda42a2540555e4ab8dcfb8492882ecfac6bb270f8
- SHA512: 73d2be8caa12a6dec524a16d5b3f018dab8bf883c1b7d2fb659b635a93ff349fddcb566b51aa60c8837d843fbea2a0850594711a5eccbc10bcc0fb1cbe92867b
- SSDEEP: 196608:9eS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9cpdWVgu1hf:9dhVs6WXjX9HZ5AQX32WDhIVguff
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.