General
Target: QB-04_02_24_inv765541BA.vbs
Size: 8KB
Sample: 240402-tgryfseg8y
MD5: 29552b793e8d97538afff1aaf566a625
SHA1: e3931fca0386f00e1c246039c3491b686e5d8354
SHA256: 5cb9876681f78d3ee8a01a5aaa5d38b05ec81edc48b09e3865b75c49a2187831
SHA512: a847bcc585e75118920548bce0ab85cc4f9f3305052dc835a2cdf7ec127982e7d2e94519505c73c429709665b231ba259477f5efe468815ea1c237edd247f2f6
SSDEEP: 192:YMg119gkCtL3IqSPN3QzGNzUoNJnN/Y99957:jy19gR3IquNgzG2oNl4
Static task: static1
Behavioral task: behavioral1
Sample: QB-04_02_24_inv765541BA.vbs
Resource: win7-20240221-en
Malware Config
Extracted
darkgate
admin888
31yc.com
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: xIpQnKfo
minimum_disk: 50
minimum_ram: 4000
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin888
Targets
Target: QB-04_02_24_inv765541BA.vbs
-
Detect DarkGate stealer
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-