General
-
Target
11112023_0208_d81c4c5fd1.zip
-
Size
8.5MB
-
Sample
231110-wqzqrscb3t
-
MD5
1e3d0e5b11dce67682bdec1b52e715c6
-
SHA1
5937f5b7cdabdd01d4405a5c2f74208df804ee48
-
SHA256
a2f2d75d5d822af00d66ab0de4fee633e3c89ae4512219d83a74d034f0ad5ef3
-
SHA512
eaeac8c1801b15319f487927304dc1703f7d4063c4b5778f6c43fc63e98e0a9a096e2d03780cd9186f3df04e81d7897f61d66d25a3b6b08e32b123d02429d68b
-
SSDEEP
196608:GWeSZnfXfyIifxJHr575zTn92CXdAvSlue/1oHC5mC5Lr1A:GWFnfKIiffH/Tn92CXd2kPR5Lm
Malware Config
Extracted
darkgate
user_871236672
http://adhufdauifadhj13.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
pIXXemAHboYTbK
-
internal_mutex
txtMut
-
minimum_disk
40
-
minimum_ram
6001
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
d81c4c5fd1.msi
-
Size
8.7MB
-
MD5
df958065715bfa16d27a40331a2fa2b6
-
SHA1
6492750661945ac8604fb2bd92944b9a18eccdd4
-
SHA256
525b43c320e55981503e6bcb925da6eaf8ff02c692434e10e51562984831a6d0
-
SHA512
6c6784d193775f419ab23d106ccce76b51a84c5c4ab7770a1908f731f278398a3b0f45477b097cb336ae8ee48d980cc23fbdba8af72445a3365acbd2a90d9e26
-
SSDEEP
196608:PeS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9rRlMtLt:PdhVs6WXjX9HZ5AQX32WDKMtL
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-