General
-
Target
11112023_0209_04ed74acb9df4.zip
-
Size
63KB
-
Sample
231110-wrlkjadd59
-
MD5
980a9ae62ba06ff803032a03f8ef7f18
-
SHA1
46ff349ae1b4790b804dc0a6eeb85b78019e0d86
-
SHA256
f3ca08464dbed3e39c5129deec8d2d5e2d0a76a402a7cfc927ea96de1c5f2152
-
SHA512
3c2cd036550576f3ed706720f6a0279bb728b87adec00774edf1afad3bda45a047327eaa899bb355f111c72caaff4364fe144d173b59fd4b6525e4214c378ccf
-
SSDEEP
1536:j4KN4BlnwR7nOYr1goFhOS6W5tyexR/5d8HA0oglQmiAL9ODvoNW69u2o:j4Y4LwFf1g05tyA/sHGLALe/xh
Malware Config
Extracted
darkgate
user_871236672
http://adhufdauifadhj13.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
false
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
RcYNsgqrBNfjGL
-
internal_mutex
txtMut
-
minimum_disk
40
-
minimum_ram
6000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Targets
-
-
Target
04ed74acb9df4.js
-
Size
239KB
-
MD5
3cbc967a5904e27767bbdfe9492b93eb
-
SHA1
ef3ccca0ccebfa16cf49cbdae79e6807fbbb7faa
-
SHA256
7cbe0f63e1f231b3046ae7d636a8e8abf803e0c848de096717976ed6ac57febe
-
SHA512
a842ab49f8b21dbf8d5d5316e2923ae5b6d828691ae6cccc41d752879eead09fb2cfce9bcc9fb0ccc3e8afe4c70a1700b39f4acf62f97ae5743d40eb4bece166
-
SSDEEP
6144:Ie7hgXeerjqlI2Iro+me7hgXeerjqlI2Iro+8:IIhgSlI23TIhgSlI23V
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-