General
-
Target
4_10_AC-2335.xlsx
-
Size
51KB
-
Sample
240410-w1999aba2w
-
MD5
7efe9f3902618e160caafb1f6fd73dd6
-
SHA1
8f1a3560307e848a01122d088d9136e545726ca8
-
SHA256
378b000edf3bfe114e1b7ba8045371080a256825f25faaea364cf57fa6d898d7
-
SHA512
5392ebb12b0fa8225eb532db284bd6e38b23737615471f8bd7e7482b787520eaf3e4937039be2d4ea48e3fb93b787cfecdcd1c1a1b91066bed4a995c5eff72bf
-
SSDEEP
1536:4s1eZDHgM8v42wkYq84lKL7IAnA4xCQH140Xz:V1eZcMetF8T7IAA4xprD
Malware Config
Extracted
darkgate
admin888
wassonite.com
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
jdfEdKYT
-
minimum_disk
50
-
minimum_ram
4000
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
admin888
Targets
-
-
Target
4_10_AC-2335.xlsx
-
Size
51KB
-
MD5
7efe9f3902618e160caafb1f6fd73dd6
-
SHA1
8f1a3560307e848a01122d088d9136e545726ca8
-
SHA256
378b000edf3bfe114e1b7ba8045371080a256825f25faaea364cf57fa6d898d7
-
SHA512
5392ebb12b0fa8225eb532db284bd6e38b23737615471f8bd7e7482b787520eaf3e4937039be2d4ea48e3fb93b787cfecdcd1c1a1b91066bed4a995c5eff72bf
-
SSDEEP
1536:4s1eZDHgM8v42wkYq84lKL7IAnA4xCQH140Xz:V1eZcMetF8T7IAA4xprD
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Detect DarkGate stealer
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-