General
-
Target
17042024_0929_read.wsf
-
Size
243KB
-
Sample
240417-bv7xqabd6s
-
MD5
60e923dc50030bf27a8aa27c0eeff59c
-
SHA1
047262b4503b784dfe7d13b4bc990ebefa9056a0
-
SHA256
a5e655ef647c441240212e9544ffde5583a81546775a4388e64f5952308ab58a
-
SHA512
542895a3a0e20e8cf3488189323bccb4fdc2d5af108811335baaae2ab384edcc92ecab63d3ee6378529371346ec2fcc7206019fa37df17ddf923507945816795
-
SSDEEP
6144:Haw0sOMp/Ln6tPRd4iRZ0WO5EVWK7DF2WsdZgup4BD+P:asOMpcRZV/2WQZ/M6
Static task
static1
Behavioral task
behavioral1
Sample
17042024_0929_read.wsf
Resource
win7-20231129-en
Malware Config
Extracted
darkgate
admin888
backupssupport.com
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
rNDPYLnH
-
minimum_disk
50
-
minimum_ram
4000
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
admin888
Targets
-
-
Target
17042024_0929_read.wsf
-
Detect DarkGate stealer
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-