General
-
Target
NEAS.893bb5ccc58e1d3ab7d2e28a5ecbf58195d10bc352f800b65d905c9655158439.msi
-
Size
8.5MB
-
Sample
231110-rsvsdaaa39
-
MD5
be421d1cfaba686bcafee896c24b4b45
-
SHA1
f89fe47d0ae4d708876e3e80c250eef6582f148b
-
SHA256
893bb5ccc58e1d3ab7d2e28a5ecbf58195d10bc352f800b65d905c9655158439
-
SHA512
74514c6a8920b9cb645d13f82228a6124487715ddc736661e1e86b1b141292fae6278f84dac7c81c3139823b8b505f1d09d31eafb0896c5ca7525f49bf9b65f7
-
SSDEEP
196608:PeS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9+MeLGW+x:PdhVs6WXjX9HZ5AQX32WDa8
Malware Config
Extracted
darkgate
ADS5
http://siliconerumble.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
443
-
check_disk
false
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
nZWkslxXPxaMte
-
internal_mutex
txtMut
-
minimum_disk
32
-
minimum_ram
6005
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
ADS5
Targets
-
-
Target
NEAS.893bb5ccc58e1d3ab7d2e28a5ecbf58195d10bc352f800b65d905c9655158439.msi
-
Size
8.5MB
-
MD5
be421d1cfaba686bcafee896c24b4b45
-
SHA1
f89fe47d0ae4d708876e3e80c250eef6582f148b
-
SHA256
893bb5ccc58e1d3ab7d2e28a5ecbf58195d10bc352f800b65d905c9655158439
-
SHA512
74514c6a8920b9cb645d13f82228a6124487715ddc736661e1e86b1b141292fae6278f84dac7c81c3139823b8b505f1d09d31eafb0896c5ca7525f49bf9b65f7
-
SSDEEP
196608:PeS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9+MeLGW+x:PdhVs6WXjX9HZ5AQX32WDa8
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-