General
- Target: malware.zip
- Size: 1.7MB
- Sample: 250120-mvfzsavrfl
- MD5: c86b5f92dfd5d85bb1ce6430faa8db64
- SHA1: ea60af080ebb9b69752a11eeb7cf196e6c5c1102
- SHA256: 07193b01c5787e5b105cf683dea272f98cd9d049a6d15309c1c1470af29f7775
- SHA512: 79e2c8ba8db7015e48df200b06514f8b858fa4a363a991a04a7103c6c47553ec2af2c7a711f93aab32a5358338af9f737b77b206bdefb133f0d297176616782c
- SSDEEP: 49152:aG5QGM9dSDnLg1Gg5hTCVgZMbHenrOp6HXAndAQDSWE:tQGM9d4nL+GWoesQOAHw2QDE

Static task
- static1

Malware Config
Extracted: darkgate / drk2
- C2: 179.60.149.194
- anti_analysis: false
- anti_debug: false
- anti_vm: false
- c2_port: 80
- check_disk: false
- check_ram: false
- check_xeon: false
- crypter_au3: false
- crypter_dll: false
- crypter_raw_stub: false
- internal_mutex: rsFxMyDX
- minimum_disk: 100
- minimum_ram: 4096
- ping_interval: 6
- rootkit: false
- startup_persistence: true
- username: drk2

Targets
- Target: 4f30d975121d44705a79c4f5c8aeba80d8c97c8ef10c86fee011b99f12b173b4
- Size: 3.0MB
- MD5: 23bf3de50090db1ed82a2def00c5ffb7
- SHA1: 0fdb26c6202acb33eea938da1a492504035ff8c1
- SHA256: 4f30d975121d44705a79c4f5c8aeba80d8c97c8ef10c86fee011b99f12b173b4
- SHA512: d3e76bac82a243f953cb325b56ab37ac7297571caf82045adcec92b6918ed3a6d775d7838328cdeec72b7178180c0aea98a9a4f5ac1c97d2d66de07af6038553
- SSDEEP: 49152:539fvhv48oM1tSkH+mO5MnkPSf+WE3X4izV4olmSFYH0upWbnGDVBe1AGLZ3yZDY:dpZRdUOkPYE35V4olmSFYUupW6ezLZ3N
- Darkgate family
- Detect DarkGate stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Adds Run key to start application
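The extracted config is the part of this report an analyst turns into detection content. The script below is an added example and not output of the sandbox or part of the report: it copies the extracted values into a dict, derives the C2 socket and mutex indicators, and runs them over constructed proxy-log and mutex-event lines whose formats are assumed for illustration. The report does not state the unit of ping_interval; the beacon-gap check assumes seconds. It also makes explicit that, because every evasion switch (anti_vm, check_ram, check_disk, check_xeon and so on) is false in this build, the minimum_ram and minimum_disk thresholds are never consulted, so the detonation VM did not need to be sized to them.

```python
"""Derive host and network indicators from the DarkGate config extracted above
and run them over constructed sample log lines.

Added example for this report: it is not sandbox output, and the proxy-log and
mutex-event line formats below are assumed for illustration.
"""
import re
from datetime import datetime
from typing import Dict, List, Optional

# Values copied from the report's "Malware Config" section.
EXTRACTED_CONFIG: Dict = {
    "family": "darkgate",
    "campaign": "drk2",
    "c2_host": "179.60.149.194",
    "c2_port": 80,
    "internal_mutex": "rsFxMyDX",
    "ping_interval": 6,      # unit not stated in the report; seconds assumed below
    "startup_persistence": True,
    "anti_analysis": False,
    "anti_debug": False,
    "anti_vm": False,
    "check_xeon": False,
    "check_ram": False,
    "minimum_ram": 4096,     # only consulted when check_ram is true
    "check_disk": False,
    "minimum_disk": 100,     # only consulted when check_disk is true
}

# Constructed sample lines, not taken from the report.
PROXY_LOG = """\
2025-01-20T10:14:02Z src=10.0.0.5 dst=93.184.216.34:443 method=CONNECT uri=example.com:443
2025-01-20T10:14:07Z src=10.0.0.5 dst=179.60.149.194:80 method=POST uri=/
2025-01-20T10:14:10Z src=10.0.0.7 dst=179.60.149.194:443 method=CONNECT uri=179.60.149.194:443
2025-01-20T10:14:13Z src=10.0.0.5 dst=179.60.149.194:80 method=POST uri=/
"""
MUTEX_EVENTS = """\
pid=4412 image=C:\\Windows\\explorer.exe mutex=\\Sessions\\1\\BaseNamedObjects\\SM0:4412:304:WilStaging_02
pid=5120 image=C:\\Users\\user\\AppData\\Roaming\\a.exe mutex=\\Sessions\\1\\BaseNamedObjects\\rsFxMyDX
pid=5120 image=C:\\Users\\user\\AppData\\Roaming\\a.exe mutex=\\Sessions\\1\\BaseNamedObjects\\rsFxMyDX_other
"""

PROXY_RE = re.compile(r"^(?P<ts>\S+) .*dst=(?P<host>[\d.]+):(?P<port>\d+)")
MUTEX_RE = re.compile(r"mutex=(?P<name>\S+)")


def classify_proxy_line(line: str, cfg: Dict = EXTRACTED_CONFIG) -> Optional[str]:
    """'c2' for the exact configured socket; 'c2_host_other_port' for the same IP
    on another port, which is worth a look but is not what the config vouches for."""
    m = PROXY_RE.match(line)
    if not m or m["host"] != cfg["c2_host"]:
        return None
    return "c2" if int(m["port"]) == cfg["c2_port"] else "c2_host_other_port"


def c2_hits(proxy_log: str, cfg: Dict = EXTRACTED_CONFIG) -> List[str]:
    """All lines that hit the configured C2 host:port exactly."""
    return [l for l in proxy_log.splitlines() if classify_proxy_line(l, cfg) == "c2"]


def c2_gaps_seconds(proxy_log: str, cfg: Dict = EXTRACTED_CONFIG) -> List[int]:
    """Seconds between consecutive C2 hits, for comparison with ping_interval
    (assumed to be in seconds; the report gives no unit)."""
    stamps = [datetime.strptime(PROXY_RE.match(l)["ts"], "%Y-%m-%dT%H:%M:%SZ")
              for l in c2_hits(proxy_log, cfg)]
    return [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]


def mutex_hits(events: str, cfg: Dict = EXTRACTED_CONFIG) -> List[str]:
    """Exact match on the final path component, so rsFxMyDX_other is not a hit."""
    hits = []
    for line in events.splitlines():
        m = MUTEX_RE.search(line)
        if m and m["name"].rsplit("\\", 1)[-1] == cfg["internal_mutex"]:
            hits.append(line)
    return hits


def analysis_gates_enabled(cfg: Dict = EXTRACTED_CONFIG) -> bool:
    """True if any sandbox-evasion switch is on. All are false in this build, so
    minimum_ram and minimum_disk are never consulted before execution."""
    gates = ("anti_analysis", "anti_debug", "anti_vm", "check_ram", "check_disk", "check_xeon")
    return any(cfg.get(k) for k in gates)


if __name__ == "__main__":
    for line in c2_hits(PROXY_LOG):
        print("C2:", line)
    print("beacon gaps (s):", c2_gaps_seconds(PROXY_LOG), "configured:", EXTRACTED_CONFIG["ping_interval"])
    for line in mutex_hits(MUTEX_EVENTS):
        print("MUTEX:", line)
    print("evasion gates enabled:", analysis_gates_enabled())
```

The port is compared as well as the IP because the config only attests to 179.60.149.194 on port 80; traffic to the same address on another port is surfaced separately rather than silently counted as C2. The mutex match is on the last path component, since the name is short and a substring match would also fire on unrelated objects that merely contain it.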