General

Target: 4d86f191c4d7a5684116b671618669ec2bdd6bc08337fa2573c773386a14b2df.vbs
Size: 5KB
Sample: 240306-crnkcagd6y
MD5: e02b999dc0c9c4bba51b28c6e733055a
SHA1: 5eb9ebe7b853dc4bb3167f7d935ee9b62ab9fbb0
SHA256: 4d86f191c4d7a5684116b671618669ec2bdd6bc08337fa2573c773386a14b2df
SHA512: 5713f924b7d88072b1bbf61089802f4ffddcb84c431cf9caa0ff02330e6070fe27259aba2e7455e2b113ed3740c8fea579199c5fc8242f10cb792fb2b35312d6
SSDEEP: 96:wwUEmyDTEBzylU+/V9rkcQ3tZUHg4KRZZoPC8Wuo9d3uV0I:wwU0TEBzj+/V9g/tZUHg4KR/oa8Wuo9u
Static task: static1

Behavioral task: behavioral1
  Sample: 4d86f191c4d7a5684116b671618669ec2bdd6bc08337fa2573c773386a14b2df.vbs
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 4d86f191c4d7a5684116b671618669ec2bdd6bc08337fa2573c773386a14b2df.vbs
  Resource: win10v2004-20240226-en
Malware Config

Extracted
  Family: darkgate
  Campaign id: xr_itzx001 (same value as the username field below)
  C2 host: 45.140.146.2 (port given by c2_port below)
  anti_analysis: true
  anti_debug: false
  anti_vm: false
  c2_port: 443
  check_disk: true
  check_ram: true
  check_xeon: false
  crypter_au3: false
  crypter_dll: false
  crypter_raw_stub: false
  internal_mutex: aebaZrVV
  minimum_disk: 90
  minimum_ram: 4068
  ping_interval: 6
  rootkit: false
  startup_persistence: true
  username: xr_itzx001
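The config fields above are only useful to an analyst once they are turned into decisions: what an analysis VM must look like to get past the sample's environment checks, and which values to hunt for. The following is an added example (not part of the sandbox report and not the sample's own code) that evaluates the extracted gates against constructed host profiles. Assumptions, labelled in the code: RAM is in MB and disk in GB, `ping_interval` is in seconds, `anti_analysis` acts as the master switch for the `check_ram`/`check_disk`/`check_xeon` hardware checks, and `check_xeon` looks for "Xeon" in the CPU name. Host profiles and their values are constructed.

```python
"""Evaluate the DarkGate config gates extracted above against candidate
analysis hosts. Added example, not part of the sandbox report; host profiles
are constructed, and the units (MB for RAM, GB for disk) are an assumption."""
from dataclasses import dataclass

# Values copied from the extracted config on this page. Units are assumed.
DARKGATE_CONFIG = {
    "c2": "45.140.146.2",
    "c2_port": 443,
    "username": "xr_itzx001",
    "internal_mutex": "aebaZrVV",
    "anti_analysis": True,
    "anti_debug": False,
    "anti_vm": False,
    "check_disk": True,
    "minimum_disk": 90,     # assumed GB
    "check_ram": True,
    "minimum_ram": 4068,    # assumed MB
    "check_xeon": False,
    "ping_interval": 6,     # assumed seconds
    "startup_persistence": True,
    "rootkit": False,
}


@dataclass
class HostProfile:
    """Constructed description of a machine the sample might land on."""
    name: str
    ram_mb: int
    disk_gb: int
    cpu_name: str = "Intel(R) Core(TM) i7"
    debugger_present: bool = False
    hypervisor_present: bool = False


def failed_gates(cfg: dict, host: HostProfile) -> list:
    """Return the reasons a host would trip the sample's environment checks.

    Assumption: anti_analysis is the master switch for the hardware checks
    (check_ram / check_disk / check_xeon); anti_debug and anti_vm stand alone.
    An empty list means the host looks like a real victim to the sample.
    """
    reasons = []
    if cfg["anti_analysis"]:
        if cfg["check_ram"] and host.ram_mb < cfg["minimum_ram"]:
            reasons.append(f"RAM {host.ram_mb} MB below minimum_ram {cfg['minimum_ram']} MB")
        if cfg["check_disk"] and host.disk_gb < cfg["minimum_disk"]:
            reasons.append(f"disk {host.disk_gb} GB below minimum_disk {cfg['minimum_disk']} GB")
        if cfg["check_xeon"] and "xeon" in host.cpu_name.lower():
            reasons.append("Xeon CPU (server/sandbox indicator)")
    if cfg["anti_debug"] and host.debugger_present:
        reasons.append("debugger attached")
    if cfg["anti_vm"] and host.hypervisor_present:
        reasons.append("hypervisor detected")
    return reasons


def minimum_vm_spec(cfg: dict) -> dict:
    """Smallest VM that passes the active hardware gates (for detonation)."""
    spec = {}
    if cfg["anti_analysis"] and cfg["check_ram"]:
        spec["ram_mb"] = cfg["minimum_ram"]
    if cfg["anti_analysis"] and cfg["check_disk"]:
        spec["disk_gb"] = cfg["minimum_disk"]
    spec["avoid_xeon_cpu"] = bool(cfg["anti_analysis"] and cfg["check_xeon"])
    return spec


def network_iocs(cfg: dict) -> dict:
    """Pull the hunting-relevant fields out of the config."""
    return {
        "c2": f"{cfg['c2']}:{cfg['c2_port']}",
        "beacon_interval_s": cfg["ping_interval"],
        "mutex": cfg["internal_mutex"],
        "campaign_id": cfg["username"],
    }


if __name__ == "__main__":
    hosts = [
        HostProfile("lean-sandbox", ram_mb=2048, disk_gb=60),
        HostProfile("analyst-vm", ram_mb=8192, disk_gb=120,
                    cpu_name="Intel(R) Xeon(R)", hypervisor_present=True),
    ]
    for h in hosts:
        print(h.name, failed_gates(DARKGATE_CONFIG, h) or "passes all gates")
    print(minimum_vm_spec(DARKGATE_CONFIG))
    print(network_iocs(DARKGATE_CONFIG))
```

The practical reading of this config: a small default sandbox VM (2 GB RAM, 60 GB disk) fails both active gates and would never reach the C2 stage, while a hypervisor or attached debugger is irrelevant because `anti_vm` and `anti_debug` are off. Size the detonation VM at or above 4068 MB RAM and 90 GB disk before trusting a "no network activity" result.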
Targets

Target: 4d86f191c4d7a5684116b671618669ec2bdd6bc08337fa2573c773386a14b2df.vbs (same file as listed under General)
Score: 10/10

Signatures
- Detect DarkGate stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
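The signatures above describe one behaviour chain: a script host makes a network request, writes a file starting with the MZ header, reads the configured country from the registry, and then runs the file it wrote. The following is an added example (not from the report, and not the sandbox's own rules) that correlates endpoint telemetry into that chain. The event schema and every event are constructed; the rule treats wscript.exe/cscript.exe as the "blocklisted" processes, and the registry path used for the location check is an assumption.

```python
"""Correlate endpoint telemetry into the behaviour chain the sandbox
signatures describe: script host -> network request -> MZ/PE dropped ->
dropped EXE executed, plus the registry country-code lookup. Added example,
not from the report. The event schema and all events are constructed; the
registry path used for the location check is an assumption."""

PE_MAGIC = b"MZ"
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumed: the configured country lives under this key (matched case-insensitively).
GEO_KEY_FRAGMENT = r"\control panel\international\geo"

# Constructed telemetry (not sandbox output). Pid 1001 mimics the chain on this
# page; pid 2001 is a benign script host used to show the rule stays quiet.
EVENTS = [
    {"type": "process_start", "pid": 1001, "ppid": 500, "image": "wscript.exe",
     "path": r"C:\Windows\System32\wscript.exe"},
    {"type": "registry_read", "pid": 1001,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network_connect", "pid": 1001, "dst_ip": "203.0.113.10", "dst_port": 80},
    {"type": "file_write", "pid": 1001, "path": r"C:\Users\u\AppData\Local\Temp\notes.txt",
     "header": b"hello"},
    {"type": "file_write", "pid": 1001, "path": r"C:\Users\u\AppData\Local\Temp\upd.exe",
     "header": b"MZ\x90\x00"},
    {"type": "process_start", "pid": 1002, "ppid": 1001, "image": "upd.exe",
     "path": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"type": "process_start", "pid": 2001, "ppid": 500, "image": "cscript.exe",
     "path": r"C:\Windows\System32\cscript.exe"},
    {"type": "file_write", "pid": 2001, "path": r"C:\logon\out.log", "header": b"ok"},
]


def correlate(events):
    """Group events under the script-host process that produced them."""
    hosts = {}
    for ev in events:
        if ev["type"] == "process_start" and ev["image"].lower() in SCRIPT_HOSTS:
            hosts[ev["pid"]] = {"image": ev["image"], "network": [], "geo_lookup": False,
                                "pe_dropped": [], "executed_dropped": []}
    for ev in events:
        st = hosts.get(ev["pid"])
        if ev["type"] == "network_connect" and st:
            st["network"].append(f"{ev['dst_ip']}:{ev['dst_port']}")
        elif ev["type"] == "registry_read" and st and GEO_KEY_FRAGMENT in ev["key"].lower():
            st["geo_lookup"] = True
        elif ev["type"] == "file_write" and st and ev["header"][:2] == PE_MAGIC:
            st["pe_dropped"].append(ev["path"].lower())
        elif ev["type"] == "process_start":
            # A child whose image path matches a PE the script host wrote.
            parent = hosts.get(ev["ppid"])
            if parent and ev["path"].lower() in parent["pe_dropped"]:
                parent["executed_dropped"].append(ev["path"])
    return hosts


def findings(events):
    """Map each script host to the signatures it triggered and a severity."""
    out = []
    for pid, st in correlate(events).items():
        hits = []
        if st["network"]:
            hits.append("Blocklisted process makes network request")
        if st["pe_dropped"]:
            hits.append("Downloads MZ/PE file")
        if st["geo_lookup"]:
            hits.append("Checks computer location settings")
        if st["executed_dropped"]:
            hits.append("Executes dropped EXE")
        if st["executed_dropped"] and st["network"]:
            severity = "high"
        elif hits:
            severity = "medium"
        else:
            severity = "none"
        out.append({"pid": pid, "image": st["image"], "hits": hits, "severity": severity})
    return out


if __name__ == "__main__":
    for f in findings(EVENTS):
        print(f)
```

The ordering matters for triage: a script host that only reads the Geo key or only makes a network request is noisy on its own, but a script host that both fetched something and then launched a PE it wrote itself is the combination the 10/10 score reflects, so the rule only escalates to high when those two stages are both present for the same process.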