General
-
Target
yutighh.zip
-
Size
783KB
-
Sample
241214-zkqgpavrgj
-
MD5
5299cf20895b7f36e4e7943aaf6bee31
-
SHA1
95395ff87d3d2fe64e32fbc870a15d7c5445394e
-
SHA256
0cd41809a1231acb1d5e41ac2bddbed3fbedfba12b716206a7718b834bb17233
-
SHA512
f3beb4233a5b360d699274f1ce08bcccbf5894789572e024d992514e8933cc27013bde1345d10d73c70d8df1c147cd74e00bfd5cef6decf35d49e3c9ead14b13
-
SSDEEP
12288:+V2jOoeMNnYVzh4BQqJfII8u/EOTKmcI3EUsg2SmMKW9btSKhWIdmxGxl2R54xRQ:+VtCIC5fCeEOqI3EfJSrKw5pW+yGSIRQ
Malware Config
Extracted
darkgate
rjacline01395
154.216.16.83
-
anti_analysis
false
-
anti_debug
false
-
anti_vm
false
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
VyUZUiNl
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
rjacline01395
Targets
-
-
Target
exec.bat
-
Size
53B
-
MD5
a24cdae72701eb47de5b5fa23f1a334b
-
SHA1
81ade1778e4d23368acd572fd341b20c4213195d
-
SHA256
427ec87377d45ea1177db38051472043b0674ab8f0c181d2386fcf26a0f54636
-
SHA512
dfe87e8989acd2213603b61198b6ccc5de7252c0ee000f1fd037f8c9b0ee98072e84293573be7fba5b1e9219c62ff0f407a3ad2886790dda68eaad0fdb8595e2
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Darkgate family
-
Detect DarkGate stealer
-
Adds Run key to start application
-
Command and Scripting Interpreter: AutoIT
Using AutoIT for possible automate script.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1