General
-
Target
payload.jar
-
Size
28KB
-
Sample
240416-zcl5asde61
-
MD5
b504eb2fb8e625e6967e4bccad1088e8
-
SHA1
9ca5a29c1f66de5367c30854adb9ed173d7a3fed
-
SHA256
56c93c26d3305315c2c63442163c6f8d22a6c425013bfe9ee0007849a7f8426b
-
SHA512
c1ec4d9659f1ebc8f7fec8f85f527262856ae5eca5a9e35514b7f16ece703e19e3cdf8fae3830732fe2bfb3fef56fabc6f36487170220af3b96df7c662d64e5e
-
SSDEEP
768:I+DjklfoxTKo7eI18lhVzEGtD7JkLg7/swgUCQy6xGHr:I4qo4ZE8VKL8m9QZUHr
Static task
static1
Behavioral task
behavioral1
Sample
payload.jar
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
payload.jar
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
payload.jar
Resource
win10v2004-20240226-en
Malware Config
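Extracted
-
Family
darkgate
-
Botnet / campaign ID (same value as the username field in this config)
admin888
-
C2 host (pairs with the c2_port field in this config)
backupssupport.com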
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
rNDPYLnH
-
minimum_disk
50
-
minimum_ram
4000
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
admin888
Targets
-
-
Target
payload.jar
-
Size
28KB
-
MD5
b504eb2fb8e625e6967e4bccad1088e8
-
SHA1
9ca5a29c1f66de5367c30854adb9ed173d7a3fed
-
SHA256
56c93c26d3305315c2c63442163c6f8d22a6c425013bfe9ee0007849a7f8426b
-
SHA512
c1ec4d9659f1ebc8f7fec8f85f527262856ae5eca5a9e35514b7f16ece703e19e3cdf8fae3830732fe2bfb3fef56fabc6f36487170220af3b96df7c662d64e5e
-
SSDEEP
768:I+DjklfoxTKo7eI18lhVzEGtD7JkLg7/swgUCQy6xGHr:I4qo4ZE8VKL8m9QZUHr
-
Detect DarkGate stealer
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies file permissions
-