General
-
Target
wogyusxs.ps1
-
Size
244B
-
Sample
240529-rnfsnahb4w
-
MD5
b7735e2c12896c76d8a89f83184c21e1
-
SHA1
40e06ee347758a0433d8f71a606d026322705c00
-
SHA256
b1a2cc5aa0c95a338d7c1245aafd6f7074429dcfe0022cd623ecd1e975c0cd0b
-
SHA512
b910ec27c7a21ec036f95e66574232811ad056b062e506c7e40d4cfa2ed93792d25bd422a8eec62c3aa45b152e95fc742403cea1e86aca05a4b81aa803871b42
Malware Config
Extracted
darkgate
x6x6x7x77xx6x6x67
languangjob.com
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
EjhXxAJZ
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
x6x6x7x77xx6x6x67
Targets
-
-
Target
wogyusxs.ps1
-
Size
244B
-
MD5
b7735e2c12896c76d8a89f83184c21e1
-
SHA1
40e06ee347758a0433d8f71a606d026322705c00
-
SHA256
b1a2cc5aa0c95a338d7c1245aafd6f7074429dcfe0022cd623ecd1e975c0cd0b
-
SHA512
b910ec27c7a21ec036f95e66574232811ad056b062e506c7e40d4cfa2ed93792d25bd422a8eec62c3aa45b152e95fc742403cea1e86aca05a4b81aa803871b42
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Detect DarkGate stealer
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Command and Scripting Interpreter: AutoIT
Using AutoIT for possible automate script.
-