General
-
Target
d28c416add7fe55e7b1a20e30013e870cfb2eb3c9a5962ed4047766a43fa4f5e.ps1
-
Size
865B
-
Sample
240528-bz42maba45
-
MD5
f391262039244472c29e2b3b788a4a79
-
SHA1
b6db78ac395a0191883670595a88bd0fa52a87f8
-
SHA256
d28c416add7fe55e7b1a20e30013e870cfb2eb3c9a5962ed4047766a43fa4f5e
-
SHA512
5797b2175e4a9cba73c8ddda42968a4536eb3716e90f8038ce774d45ca8e65ba749cca94010954f841b3292a65c591b2b2ccb94f44af857ff2d7786a709f6d06
Malware Config
Extracted
https://kostumn1.ilabserver.com/1.zip
Extracted
darkgate
x6x6x7x77xx6x6x67
91.222.173.113
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
443
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
tdFBRmkc
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
x6x6x7x77xx6x6x67
Targets
-
-
Target
d28c416add7fe55e7b1a20e30013e870cfb2eb3c9a5962ed4047766a43fa4f5e.ps1
-
Size
865B
-
MD5
f391262039244472c29e2b3b788a4a79
-
SHA1
b6db78ac395a0191883670595a88bd0fa52a87f8
-
SHA256
d28c416add7fe55e7b1a20e30013e870cfb2eb3c9a5962ed4047766a43fa4f5e
-
SHA512
5797b2175e4a9cba73c8ddda42968a4536eb3716e90f8038ce774d45ca8e65ba749cca94010954f841b3292a65c591b2b2ccb94f44af857ff2d7786a709f6d06
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Detect DarkGate stealer
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Command and Scripting Interpreter: AutoIT
Using AutoIT for possible automate script.
-