General
-
Target
EXCEL_DOCUMENT_OPEN.vbs
-
Size
23KB
-
Sample
240405-shpdaafc3v
-
MD5
6925ed4c3665b27592c356b0bbd4948d
-
SHA1
7429a3929f68c87af85266c5d304f3e26e11a8c0
-
SHA256
5237e653da5478c91e1de3d51a9713753b4bc1b4c9be8e9136cd9d94e216ae77
-
SHA512
333ffd943ea86e75822f6c59412fe12b77f95ddeffd1f0286606faab19b595b27b528457158cc6afe2dcb75455ce9e1fb012ddf171f895135fc90e9d249599b6
-
SSDEEP
384:J0Y5Y65Go4F0yNWe037NwNAUihUN+0X2RyiUiK3xYUif3JNB6Bcy:hYFFFNWe037NwNAUiKNIRyiUiK3xYUi2
Malware Config
Extracted
darkgate
admin888
wpseed.com
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
BxIcizdM
-
minimum_disk
50
-
minimum_ram
4000
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
admin888
Targets
-
-
Target
EXCEL_DOCUMENT_OPEN.vbs
-
Size
23KB
-
MD5
6925ed4c3665b27592c356b0bbd4948d
-
SHA1
7429a3929f68c87af85266c5d304f3e26e11a8c0
-
SHA256
5237e653da5478c91e1de3d51a9713753b4bc1b4c9be8e9136cd9d94e216ae77
-
SHA512
333ffd943ea86e75822f6c59412fe12b77f95ddeffd1f0286606faab19b595b27b528457158cc6afe2dcb75455ce9e1fb012ddf171f895135fc90e9d249599b6
-
SSDEEP
384:J0Y5Y65Go4F0yNWe037NwNAUihUN+0X2RyiUiK3xYUif3JNB6Bcy:hYFFFNWe037NwNAUiKNIRyiUiK3xYUi2
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Detect DarkGate stealer
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-