General
-
Target
New folder.7z
-
Size
619KB
-
Sample
240510-fyy67sge64
-
MD5
eb0ff2dff443996a883ed48348477fee
-
SHA1
1023b9ae9a1d4c26d008d9d7b786729059203d02
-
SHA256
007e6640a49030d68af8679df6ef5b9ad7bb917396f6a2ab1b5eb72037ebf120
-
SHA512
47f50e6695389642927dd291f48c60db08f733cfde61c321061c813138a65563b1c4f1deeb49f47b378f2a5ebd928ea7bccf293410eafb7120f700170cfebdb0
-
SSDEEP
12288:Wlm6/dzw29ot0jNFay25MDkI1tUsZbqotLNsfgIWYLCkH4yKIn1ZBV8rCkFYOJ2P:MzN9M0jN1THLqotLN6gIWYWkH4XIn/8G
Static task
static1
Behavioral task
behavioral1
Sample
New folder/execute.bat
Resource
win7-20240508-en
Malware Config
Extracted
Family
darkgate
-
Botnet
admin888
-
C2
kindupdates.com
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
VjpTnzOY
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
admin888
Targets
-
-
Target
New folder/execute.bat
-
Size
29B
-
MD5
9cb80398908d1720da4a0ff9052280ab
-
SHA1
ec13380c5a107ad18b08c546fc067f3ccd8fecfc
-
SHA256
ecbdb7843d10d746282f0eddf1dc89ab7927e19102492711be4dc1b26ace13f1
-
SHA512
29da0caa5142654408b34a9e2685030ff06bafc74c3ef413868954bbf29464d228079a3227db0bc4f1d666ef4fa22b62135d01b96bf98a17a8a7a9edaf8e3ab2
-
Detect DarkGate stealer
-