General
Target: attach#6335-18-03-2024.xlsx.zip
Size: 50KB
Sample: 240318-v6zv2aec55
MD5: bad9c7a46783e9e52fc471ce47700eb5
SHA1: bc8731228945050bb475c03d95b5e38b7979f5c9
SHA256: efe211f79e3fefb5368e5e9379441cf800c5872f37f644fbf7768d5f36aee5f0
SHA512: fba94e84df21b150c815e4c73011238f98e6275639b9dfa13965ff1fc9f69baed35ba0bab06d3616ce45a79a2581784ceee0b9a53755603e59c9f133b5543476
SSDEEP: 1536:MI6GrfM6oRIO614HzwLv49JxDTWmlNvUdRFv:MItk6oRU4omzA
Static task: static1
Malware Config
Extracted
darkgate
admin8888
buassinnndm.net
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: losBHUAX
minimum_disk: 100
minimum_ram: 4096
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin8888
Targets
Target: attach#6335-18-03-2024.xlsx
Size: 57KB
MD5: 44f811ec16a3d53c0a824c79db4d9045
SHA1: 2fb92d7ec2139b1197166318efeebeb0ec668928
SHA256: 69a2cc590e745c9f2db24479fe9ce39cf1832d3ae19035cd410d820bbfa81604
SHA512: c87d1d86b370e28f0b22ee513ad9b55b30dae48bc36aa81a2fa2c002a5871bf5659e3883741a461e6954fbc764395150221b61481f8443e1818a945ba4218eec
SSDEEP: 768:bnrZ932qpaOKFSGOJdGvoZCPAUJ1YxBardD2TSWGdCIKD13zegYN1T/plx:5J2u4OPKIxoEuDKNzexTRlx
Detect DarkGate stealer
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Deletes itself
Executes dropped EXE