General
-
Target
c3fdd6f03be7f1414ab4175d512aa354-sample.zip
-
Size
52KB
-
Sample
240314-wb7stsae5w
-
MD5
aad545e706e4a656ce276d377a4698fb
-
SHA1
8cefd9ab236021f5c41c0b121ebfca8e7b53ef23
-
SHA256
baab40c7c1acabafaee78664e9e59f3b7a6081342862ebd2b126b2bee3aa967f
-
SHA512
00f6eb38614bcfb7bf7a1f6a6da84685c88263f0dc81cdd033e4248563e20f3fbbb35e1b28d778f8e06ec8b5e0f51c410c5c1882932fa3385c6d901d9f2f8df5
-
SSDEEP
768:l9q3MbGlNM8BM4c3+Fql59BIf6/qOlOtWRX/DGiTvcxmJNG+G+FQ5v3Hj:acbWNFBM4rFqlpJqOjxTnJdG+FQ5PD
Malware Config
Extracted
darkgate
admin888
nextroundst.com
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
TuqohTUI
-
minimum_disk
50
-
minimum_ram
4000
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
admin888
Targets
-
-
Target
march-D9445-2024.xlsx
-
Size
60KB
-
MD5
ac89528d1040074d45d5c19a0ceb7a6a
-
SHA1
8b47dba91232a0e1ac14cee24267e9c26d7e483c
-
SHA256
1d67808fee7115fa2597e8843aa10f737298c9f097397e5de486fc762753ea0b
-
SHA512
37da11cea5188cc7b7f6c9154410d9d663d5ed306313badbaa421025c49f90bff177613a132d2bff1b529ec214d9eb034937ab8d7830d30bd4451f1579a27feb
-
SSDEEP
1536:64N5DGhJDl5eZ9l0ohOplRfzDrtw86RUtdkV:643ChJR0vl0ohYlRfzD/6o2
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Detect DarkGate stealer
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-