General

Target: scanned_doc#2024-27-2_6645.xlsx
Size: 55KB
Sample: 240227-stjl6scg41
MD5: eedb87b1913b5b1bd864fedb04f30e9d
SHA1: 6e7bf83d38e1672a6f15979effa76e659af7d7ec
SHA256: ca497dd08e13d2276d2ec99a0edd71e1283d00d2260b8d59a6eb6a25193b7113
SHA512: 131d8d9446103058a021a01b6c4569026be959370cf1bb35b5bb5900fd9a96064992e3121d7c8742b01c7f68fadc9c9db3eec8946440f5032c9985eae8da8255
SSDEEP: 1536:p/ToOEjzAw7Y2r7DUsV4XzY9t3jSagJYwehDC:BoOAcw7nXDUsOjm3jTxhDC
Static task: static1

Malware Config

Extracted
darkgate
admin888
remasterprodelherskjs.com

anti_analysis: false
anti_debug: false
anti_vm: false
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: PAuTCBnH
minimum_disk: 50
minimum_ram: 7000
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin888
Targets
- Detect DarkGate stealer
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE