General

  • Target

    Advanced_IP_Scanner.zip

  • Size

    347KB

  • Sample

    230824-gghcssad79

  • MD5

    15a80fb554192328301e0275f1b8c111

  • SHA1

    797d716ca589cf556e18d07aca429a68ba27b283

  • SHA256

    b88527484a930bc58682102f24dfa004eb0904b17e5c63d4def19b938575076e

  • SHA512

    f37a33016b0e747489d87440206de65a785415e72263f5c1ab13461a9c6430ed9d3245cbd375c16e97344c1f2dbcf42a450ec9fe143f7fbfc897e11b4cb31b59

  • SSDEEP

    6144:XCxRdJ47MWPqX+eJJCefLm8rc/pT2Ewth2T2dNIom9pzwNaj3SM:SPc7MWPSC49uwEK06EP9942R

Score
10/10
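The hash block above lists MD5, SHA1, SHA256, SHA512 and SSDEEP for the archive and, further down, for each file it contains. Here is an added example (not part of the report or of any sandbox's own tooling) of how a responder would turn those values into a file-system IOC check: it computes the same four digests, streaming so a large archive need not fit in memory, and matches files against the report's SHA256 set. The SSDEEP fuzzy hashes are deliberately left out because the standard library has no ssdeep implementation; the `REPORT_SHA256` table is copied from this page, and the sample bytes in `selftest()` are constructed, benign data.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# SHA256 values copied from the report above, keyed to the artifact name.
# (MD5/SHA1/SHA512 are listed there too and can be added the same way.)
REPORT_SHA256 = {
    "b88527484a930bc58682102f24dfa004eb0904b17e5c63d4def19b938575076e": "Advanced_IP_Scanner.zip",
    "bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4": "Advanced_IP_Scanner_Setup.exe",
    "02d2ef557072125aea14761ee14431fddc477bc134e2b6f5b355292e2cb76586": "dbgeng.dll",
    "5fe3a8f392180732e4b05c5258919278c1af9e2a4c2a33aca4ea0392331c3a6a": "sqlite3.dll",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Hex digests of an in-memory byte string with the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, read in 1 MiB chunks so large archives
    do not have to be loaded whole."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digest_set: dict):
    """Return the report artifact name whose SHA256 equals this digest set's, or None.
    Case-insensitive, since tools print hex in either case."""
    return REPORT_SHA256.get(digest_set["sha256"].lower())


def scan_tree(root) -> list:
    """Walk a directory and return (path, artifact_name) for every file whose
    SHA256 appears in the report."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            name = match_report(hash_file(p))
            if name:
                hits.append((str(p), name))
    return hits


def selftest() -> bool:
    """Write a constructed (benign) file, check that streaming and in-memory
    hashing agree, and that a non-matching file is not reported as an IOC hit."""
    sample = b"constructed sample bytes, not malware\n" * 1000
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(sample)
        same = hash_file(path) == digests(sample)
        no_hit = scan_tree(d) == []
    return same and no_hit


if __name__ == "__main__":
    import sys
    for path, name in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matches report artifact {name}")
```

Run it as `python ioc_check.py <directory>` on an extracted mailbox attachment store or a user's Downloads folder. A hash match is strong evidence but a miss proves nothing: the actor can repack the archive or change one byte of the installer, so pair this with the behavioural indicators listed further down rather than relying on hashes alone.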

Malware Config

Extracted

Family

darkgate

C2

http://179.60.149.

Targets

    • Target

      Advanced_IP_Scanner_Setup.exe

    • Size

      474KB

    • MD5

      04ec4f58a1f4a87b5eeb1f4b7afc48e0

    • SHA1

      58dcb1cbbec071d036a07f0e8feb858e4c5b96e7

    • SHA256

      bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4

    • SHA512

      5b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80

    • SSDEEP

      12288:riNAINi0BQjAHXrzYWZci2+BAusrte4P/:A9/L7zYWZT2+BAugeC

    Score
    10/10
    • DarkGate

      DarkGate is a commodity loader and infostealer written in Delphi.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      dbgeng.dll

    • Size

      89KB

    • MD5

      3321340768c7e8036392f1742edc531a

    • SHA1

      488189311043755c950dc4455fdc147308981039

    • SHA256

      02d2ef557072125aea14761ee14431fddc477bc134e2b6f5b355292e2cb76586

    • SHA512

      921f36994330439ce192e7114b9a702ac334a0da6c680dafdf20faca58c6ff5a9e62341586000b0829bd9d34a3de68632297b01aa75b7180fd67c7f9a496eaf5

    • SSDEEP

      1536:rgV47Ao7rCorOaa6a8G67dEVohCo8JvxMjNTF8ZRA5OZHeB9:0CU4rCorOxV76ZqohCo8JpMjT8A8A9

    Score
    1/10
    • Target

      sqlite3.dll

    • Size

      139KB

    • MD5

      6491c3517ebcd9286e3519837524a196

    • SHA1

      10645912b779c27f031e3e0885a268c27425935a

    • SHA256

      5fe3a8f392180732e4b05c5258919278c1af9e2a4c2a33aca4ea0392331c3a6a

    • SHA512

      4754babcafcb6b3930b178958e92a81f598ee15ff0d5240578b3172d7447fec5e57684f673b201462533a38fe1e0c1c046356790a92063494cd78ba403b3f935

    • SSDEEP

      3072:G4W0kFbPyk+NmiwMHdrCh1BP4Z3R788KE0Ezo6pc8pwpsxsHYNba0:G/9Lyk+NmRMHduh1BAZ3R788B0Ezo61r

    Score
    1/10
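The installer's behaviour list flags "Suspicious use of NtCreateUserProcessOtherParentProcess", i.e. a process created with a parent other than the caller (PPID spoofing via PROC_THREAD_ATTRIBUTE_PARENT_PROCESS). The detection logic below is an added example, not code from the report or the sandbox: it walks process-start telemetry and alerts where the process that actually made the create call differs from the recorded parent. The event field names and the sample events (including the child image `dropped.exe`) are assumptions constructed for illustration; the report does not say what DarkGate spawns, and a real source would be an EDR or ETW consumer that records the creating process alongside the parent.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessStart:
    pid: int
    image: str
    parent_pid: int   # parent recorded in the new process (what Task Manager shows)
    creator_pid: int  # process whose thread actually called NtCreateUserProcess


# Constructed telemetry for illustration, not events from the report's sandbox run.
# Field names are assumed; real sources use their own schema.
SAMPLE_EVENTS = [
    ProcessStart(800, r"C:\Windows\System32\userinit.exe", 700, 700),
    ProcessStart(1200, r"C:\Windows\explorer.exe", 800, 800),
    # User runs the installer from Explorer: parent and creator agree.
    ProcessStart(4100, r"C:\Users\u\Downloads\Advanced_IP_Scanner_Setup.exe", 1200, 1200),
    # Hypothetical child whose recorded parent is explorer.exe although the
    # installer created it: the pattern the sandbox indicator describes.
    ProcessStart(4388, r"C:\Users\u\AppData\Local\Temp\dropped.exe", 1200, 4100),
]


def find_parent_spoofing(events):
    """Flag process starts where the creating process is not the recorded parent.
    That mismatch is what PROC_THREAD_ATTRIBUTE_PARENT_PROCESS produces when a
    caller hands NtCreateUserProcess a parent handle other than itself."""
    image_of = {e.pid: e.image for e in events}
    alerts = []
    for e in events:
        if e.creator_pid != e.parent_pid:
            alerts.append({
                "pid": e.pid,
                "image": e.image,
                "claimed_parent": image_of.get(e.parent_pid, f"pid {e.parent_pid}"),
                "actual_creator": image_of.get(e.creator_pid, f"pid {e.creator_pid}"),
            })
    return alerts


if __name__ == "__main__":
    for a in find_parent_spoofing(SAMPLE_EVENTS):
        print(f"PPID spoofing: {a['image']} (pid {a['pid']}) claims parent "
              f"{a['claimed_parent']} but was created by {a['actual_creator']}")
```

Treat the mismatch as a triage signal, not a verdict: Windows itself reassigns parents legitimately, most visibly when the AppInfo service launches a UAC-elevated process with the requesting process as its parent. Enrich each alert with the creator's image and path before escalating; a creator running from a user-writable directory such as Downloads or Temp, as in the constructed sample, is the case worth a closer look.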

MITRE ATT&CK Enterprise v15

Tasks