General
-
Target
0ddf2018b6c181179675bb4c05f1063043ae6028f98ed36b9300034dba7c911f
-
Size
2.8MB
-
Sample
240816-awnd2aygrm
-
MD5
21192107ddba6fc07a531513a9d95d10
-
SHA1
067b39107666d5056c97165432c999453936a9ff
-
SHA256
0ddf2018b6c181179675bb4c05f1063043ae6028f98ed36b9300034dba7c911f
-
SHA512
9ba0bd0c68f7a49271bfdbb4359b91d268f952a6a9cbbee183a243d2ae1da8ea5245d65a593e78997a89a0b7a53da2e7b0fe2d0ed1ef8a5ec6a13fb6da15576d
-
SSDEEP
49152:PwREDDMg5P/Zq4tWt2mw4z0g3QBrTuCdHeMxWrP+beY7UY714:PwREV0aWt9DzJQ5uCdMwZgV
Malware Config
Extracted
darkgate
x88y8y
195.123.213.38
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
FIDnZami
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
x88y8y
Targets
-
-
Target
0ddf2018b6c181179675bb4c05f1063043ae6028f98ed36b9300034dba7c911f
-
Size
2.8MB
-
MD5
21192107ddba6fc07a531513a9d95d10
-
SHA1
067b39107666d5056c97165432c999453936a9ff
-
SHA256
0ddf2018b6c181179675bb4c05f1063043ae6028f98ed36b9300034dba7c911f
-
SHA512
9ba0bd0c68f7a49271bfdbb4359b91d268f952a6a9cbbee183a243d2ae1da8ea5245d65a593e78997a89a0b7a53da2e7b0fe2d0ed1ef8a5ec6a13fb6da15576d
-
SSDEEP
49152:PwREDDMg5P/Zq4tWt2mw4z0g3QBrTuCdHeMxWrP+beY7UY714:PwREV0aWt9DzJQ5uCdMwZgV
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Detect DarkGate stealer
-
Executes dropped EXE
-
Loads dropped DLL
-
Command and Scripting Interpreter: AutoIT
Using AutoIT for possible automate script.
-