General
-
Target
c57d3f4689a3621ea1ba7e1f18c2735598244ac1b26d712feaa1e19a408cc420.zip
-
Size
8.4MB
-
Sample
231226-klnl6abhh2
-
MD5
d3aa47a58c9153900df942083a652d9f
-
SHA1
3e9e4909919f34c977e34816f947cd19ca47073d
-
SHA256
e3b3fe8bf91cbd4295f5d90496102c0db14d7ec1b536658ff83b7db1f4b0b228
-
SHA512
9e90e1d9fa2debf431b24b9cec5129528cee341d43ed4404d5265c5b8712e562a74465ff9391539b8a3d6971ed4d4384c4efc3b4fffd7024aa53f8e8f49b3465
-
SSDEEP
196608:H6EuncvE0hw+KyNsPEAfOrL8S/ZkBUj2vQqabhAZop86jV:2cvdy+8PEb9PjQQh7pjV
Static task
static1
Behavioral task
behavioral1
Sample
1c532f2594.msi
Resource
win7-20231215-en
Malware Config
Extracted
Family
darkgate
-
Version
5.2.8
-
Botnet
PLEX
-
C2
http://jordanmikejeforse.com
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
8443
-
check_disk
false
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
true
-
crypto_key
yIzFYincIffips
-
internal_mutex
txtMut
-
minimum_disk
20
-
minimum_ram
6000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
PLEX
Targets
-
-
Target
1c532f2594.msi
-
Size
8.5MB
-
MD5
fbf5d7b4c5f0e86a95b4fcd5c5ccc534
-
SHA1
51588315ff4ae36412c337361ea65f84810938d8
-
SHA256
6da198925581418863170f05b832cd1584b923278d0730d779a30ec96513111d
-
SHA512
3ef2d34071fc10bed59dbe60df3789524f62b89284cc011f1ab0a790196f9010ef6fa41d809947f52668918aa72c90c17211d6be82707b0f8099df548fb40588
-
SSDEEP
196608:0eS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9OtaQCK0Ex7FVJi0:0dhVs6WXjX9HZ5AQX32WDb0ExZV8
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-