General
Target: re-march-26-2024-9794.xlsx
Size: 65KB
Sample: 240327-jqdr3sag8y
MD5: af440ea16bf075f844e20296bba223cd
SHA1: dfa83aba0e634dfc83ff1f7a8cff6f334be7ac8d
SHA256: 63d68e0bb8e196c50e60df65fbd50eabbc21857cb1af6d3efab22c3bf44995ff
SHA512: bf05569ecbafcad7eed5624153156d117bf1a9eb6921ef54ca65a7375169d231b4f883a4243a7634d97490c4fa058ae76016e5728eb70486c2d0a3882d45723b
SSDEEP: 1536:VvAi3OnslDGe2eGyIvJhaaO5Ny4iUvRB75d/wSgE9pgyjxOqTU:JlOsj4yIRAzHiE/7n/tgE9pgyjxi
Static task: static1
Behavioral task: behavioral1
Sample: re-march-26-2024-9794.xlsx
Resource: win7-20240221-en
Malware Config
Extracted: darkgate
admin888
backupitfirst.com
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: SfUQxDje
minimum_disk: 50
minimum_ram: 4000
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin888
Targets
Target: re-march-26-2024-9794.xlsx
Size: 65KB
MD5: af440ea16bf075f844e20296bba223cd
SHA1: dfa83aba0e634dfc83ff1f7a8cff6f334be7ac8d
SHA256: 63d68e0bb8e196c50e60df65fbd50eabbc21857cb1af6d3efab22c3bf44995ff
SHA512: bf05569ecbafcad7eed5624153156d117bf1a9eb6921ef54ca65a7375169d231b4f883a4243a7634d97490c4fa058ae76016e5728eb70486c2d0a3882d45723b
SSDEEP: 1536:VvAi3OnslDGe2eGyIvJhaaO5Ny4iUvRB75d/wSgE9pgyjxOqTU:JlOsj4yIRAzHiE/7n/tgE9pgyjxi

Detect DarkGate stealer
Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Executes dropped EXE