General
-
Target
dnsps1.zip
-
Size
752KB
-
Sample
240529-kbzxfage6x
-
MD5
e7816b548ddf8a7d583b377a0bf141e1
-
SHA1
258b6674a206bc2150cb9fa8b88e6a640d07306d
-
SHA256
faa11b62d303a3ac0c51c66788849818bced4d1a17b77b1788d15b2d21086686
-
SHA512
cba4f122b9b81b53dbf45a17c65098f97077b80a9b7e5a85480819260d44d383d622af2dea7afbe9b498e7342a61430a182a41b277740e44b8489a8ce6cda418
-
SSDEEP
12288:xhjJs9uHpnB7DNbnDJ4wFY8YXsCdLsXOjHCZI8gaKVTUccZX9+Gn4kRSOPCCvJel:Xls9eB1jCwFY8cseXbOccx4kzKeeMmsk
Static task
static1
Behavioral task
behavioral1
Sample
dnsps1.zip
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
dnsps1.zip
Resource
win10v2004-20240508-en
Malware Config
Extracted
Family: darkgate
Identifier (same value as the username field): x6x6x7x77xx6x6x67
C2 address: 91.222.173.113
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
443
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
tdFBRmkc
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
x6x6x7x77xx6x6x67
Targets
-
-
Target
dnsps1.zip
-
Size
752KB
-
MD5
e7816b548ddf8a7d583b377a0bf141e1
-
SHA1
258b6674a206bc2150cb9fa8b88e6a640d07306d
-
SHA256
faa11b62d303a3ac0c51c66788849818bced4d1a17b77b1788d15b2d21086686
-
SHA512
cba4f122b9b81b53dbf45a17c65098f97077b80a9b7e5a85480819260d44d383d622af2dea7afbe9b498e7342a61430a182a41b277740e44b8489a8ce6cda418
-
SSDEEP
12288:xhjJs9uHpnB7DNbnDJ4wFY8YXsCdLsXOjHCZI8gaKVTUccZX9+Gn4kRSOPCCvJel:Xls9eB1jCwFY8cseXbOccx4kzKeeMmsk
Score
10/10
-
Detect DarkGate stealer
-