General
Target: 2e34908f60502ead6ad08af1554c305b88741d09e36b2c24d85fd9bac4a11d2f.vbs
Size: 880KB
Sample: 240410-bs6lwaeh5y
MD5: e0217823f2f748254b43ede64e422199
SHA1: 3bede6ac6d6e7362b64a7de6663c9b6caac29832
SHA256: 2e34908f60502ead6ad08af1554c305b88741d09e36b2c24d85fd9bac4a11d2f
SHA512: ab681712155c36cf0a8f44be5c181e4d4a2b61f3b35b2d6fa1266924b9932d8bab50b9e72a60d7e64ed3fa0504ec98726d81a2ebabf6bf403ac14dc5fb07c7b6
SSDEEP: 24576:j2rHDMzlpSUY+g3Gy1U6dxvJwdd+2fk6T/dhTYzmQGeKsKBGrlrH:kAW59gs/s0dH
Static task: static1
Behavioral task: behavioral1
Sample: 2e34908f60502ead6ad08af1554c305b88741d09e36b2c24d85fd9bac4a11d2f.vbs
Resource: win7-20240221-en
Malware Config
Extracted
darkgate
admin888
103.124.106.237
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: bedxvHpr
minimum_disk: 50
minimum_ram: 4000
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin888
Targets
Target: 2e34908f60502ead6ad08af1554c305b88741d09e36b2c24d85fd9bac4a11d2f.vbs
-
Detect DarkGate stealer
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-