General
Target: quickbook_April-2024.vbs
Size: 7KB
Sample: 240402-tle5fsfa87
MD5: 4ff404ceede30c0ca73b97e26f20dfa8
SHA1: 5b2644004b27a4b39502ad0d4a0193d0124588cb
SHA256: 885eae8e4d2788a7c54f4123cbf84b4e897082f8388a7b3f3c2bace9f9419e13
SHA512: 4f8fbfb0dea83b81fcaff17cd4fea7cf888a99b186908f58b4b2d599b4a4f3df9bd9a8fadec7b25de5dea4dfaf416dca09ce6ce76a542ad32f0a96febe836ae1
SSDEEP: 192:YMg119gkCtL3IqSPN3QzGNzUoNJnN/Y999E6:jy19gR3IquNgzG2oNla
Static task: static1
Behavioral task: behavioral1
Sample: quickbook_April-2024.vbs
Resource: win7-20240221-en
Malware Config
Extracted
darkgate
admin888
31yc.com
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: gWZTZaEo
minimum_disk: 100
minimum_ram: 4096
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin888
Targets
Target: quickbook_April-2024.vbs
Detect DarkGate stealer
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL