General
-
Target
27062024_0133_26-June-8e102d0a.vbs
-
Size
2.6MB
-
Sample
240627-byny1swama
-
MD5
a2d12fd1350512b0da9ee5bbb1b57bd3
-
SHA1
24f93f3eee12401b4801f2b662f7693d4ced9e9a
-
SHA256
5b2eab80be6a4a92ed7ef64f347abe1c2bd5383d9abae8c29ee020486edcc033
-
SHA512
a24d3ac3ce1525c7d8d1153e16549a0dcff6fe49ddc01edb72b38708d1dc79d720a89814dd99768a54f238367b27d0e4b1ce5a967449039e39cf638d6548165c
-
SSDEEP
49152:NjjjjSjjjVjwfakCSzvQk9xezEwlwJwY+VewJw/V5Cp+jk8ijjjjpjPdHBwXiWF:h
Static task
static1
Behavioral task
behavioral1
Sample
27062024_0133_26-June-8e102d0a.vbs
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
27062024_0133_26-June-8e102d0a.vbs
Resource
win10v2004-20240611-en
Malware Config
Extracted
Family
darkgate
-
Botnet
trafikk897612561
-
C2
91.222.173.170
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
GDrdcpJy
-
minimum_disk
100
-
minimum_ram
4095
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
trafikk897612561
Targets
-
-
Target
27062024_0133_26-June-8e102d0a.vbs
-
Size
2.6MB
-
MD5
a2d12fd1350512b0da9ee5bbb1b57bd3
-
SHA1
24f93f3eee12401b4801f2b662f7693d4ced9e9a
-
SHA256
5b2eab80be6a4a92ed7ef64f347abe1c2bd5383d9abae8c29ee020486edcc033
-
SHA512
a24d3ac3ce1525c7d8d1153e16549a0dcff6fe49ddc01edb72b38708d1dc79d720a89814dd99768a54f238367b27d0e4b1ce5a967449039e39cf638d6548165c
-
SSDEEP
49152:NjjjjSjjjVjwfakCSzvQk9xezEwlwJwY+VewJw/V5Cp+jk8ijjjjpjPdHBwXiWF:h
Score
10/10
-
Detect DarkGate stealer
-
Process spawned unexpected child process
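This typically indicates the parent process was compromised via an exploit or macro. Because the submitted sample is itself a .vbs script, the child process may instead have been started directly by the script; confirm against the process tree of the behavioral task.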
-
Executes dropped EXE
-