darkgate | 8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7 | Triage

Sharing

General

Target

8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7
Size

434KB
MD5

32779bb4eda0b1834dc50d88f4930c3e
SHA1

7041fb14c8593d2657d4244d6930a35a2745f96e
SHA256

8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7
SHA512

aeb8e88e9b016df87228be72517694f1c382fde0e1f42bb3e91f0fba22ef8abc7298aec89cb8439d1c1bb20ae2429f1d4bee5a99f9fd78f4a8d7840ca856b0c8
SSDEEP

12288:ObfJmY1oCMa3Wyex7ykWynLSKJ13oqnuj/ro:O7bKCM0ax7ykWynLRJ1Y+uTro

Score

10^/10

darkgate

Malware Config

Extracted

Family

darkgate

Version

C2

http://sanibroadbandcommunicton.duckdns.org

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
5864
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
true
crypto_key
LAbQdWWsbybjAY
internal_mutex
bbcAde
minimum_disk
100
minimum_ram
4096
ping_interval
10
rootkit
false
startup_persistence
false

Signatures

Darkgate family
darkgate

Detect DarkGate stealer 1 IoCs

resource	yara_rule
sample	family_darkgate_v6

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7

Files

8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ