General
-
Target
NEAS.c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde.unknown
-
Size
237KB
-
Sample
231117-v7z77abg98
-
MD5
ea6fd6ca47514d9c632c119d73aef528
-
SHA1
0d47cbd6d19a17a57077cbc0d0aa659865458672
-
SHA256
c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde
-
SHA512
e20079b69e82eb48222635ef03a6f935871ea69f6d7715401ac208bbbb33a5af7fcb8c6c745364b31c2ee07e3f4bf2e5e5c2d1ae6ae87b795fa23230ead290ec
-
SSDEEP
6144:k7hgXeerjqlI2Iro+Qqn7hgXeerjqlI2Iro+JGxw:ehgSlI23W7hgSlI23Ct
Malware Config
Extracted
darkgate
A11111
http://faststroygo.com
-
alternative_c2_port
8080
-
anti_analysis
false
-
anti_debug
false
-
anti_vm
false
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
sYEvPOjQglaHah
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
A11111
Targets
-
-
Target
NEAS.c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde.unknown
-
Size
237KB
-
MD5
ea6fd6ca47514d9c632c119d73aef528
-
SHA1
0d47cbd6d19a17a57077cbc0d0aa659865458672
-
SHA256
c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde
-
SHA512
e20079b69e82eb48222635ef03a6f935871ea69f6d7715401ac208bbbb33a5af7fcb8c6c745364b31c2ee07e3f4bf2e5e5c2d1ae6ae87b795fa23230ead290ec
-
SSDEEP
6144:k7hgXeerjqlI2Iro+Qqn7hgXeerjqlI2Iro+JGxw:ehgSlI23W7hgSlI23Ct
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-