General
-
Target
4e176a52cd2a43e85549cd10cef5b1f0.bin
-
Size
8.4MB
-
Sample
231110-b8gmpaag28
-
MD5
3a7f20678c690897e1994a5b247021fb
-
SHA1
8cacb000e43d86da1ca03e9c49d5409f8c92035c
-
SHA256
4d5e55862b9522327705aec7c8d351c7ca19ec7941505031fe9b687d169bf571
-
SHA512
0cf653023e673d27e8144d84be2e7c908ab7d114e4e67243349feb5c2e93c0edcab0327571ad38e8b94532deaaf5bc4331199151d5adb945d8afff3d625dd2ec
-
SSDEEP
196608:Biz2AEuoxvu6i7+E00X4ASKLR0q1OJCJPk82gWwkRK:sCZuo1As0n1Oqk8IwaK
Malware Config
Extracted
darkgate
PLEX
http://homeservicetreking.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
8443
-
check_disk
false
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
tJAEBsRlHobUrN
-
internal_mutex
txtMut
-
minimum_disk
18
-
minimum_ram
6009
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
PLEX
Targets
-
-
Target
eebf1a462cb8ea88eee8af609fc35d3640a2d5b42355f5d6197c7f51a4bac0bb.msi
-
Size
8.5MB
-
MD5
4e176a52cd2a43e85549cd10cef5b1f0
-
SHA1
322a3e3fe1f260493a6f5704608e0bbea15199d6
-
SHA256
eebf1a462cb8ea88eee8af609fc35d3640a2d5b42355f5d6197c7f51a4bac0bb
-
SHA512
ea9d8b7101bafeae56b2f0d778fba5440652d88e70ad589be576fcab01d5c41505c1cb14dbcc2a34772da143160e41f694c0b4b5667537838af289a63c537e47
-
SSDEEP
196608:ieS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9vBiRU/MwZF:idhVs6WXjX9HZ5AQX32WDo0A
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-