Resubmissions

20-09-2023 12:31

230920-pp6pcsac59 10

26-07-2023 13:48

230726-q34mlacc72 10

General

  • Target

    Project_1650464.msi

  • Size

    1.8MB

  • Sample

    230920-pp6pcsac59

  • MD5

    247a8cc39384e93d258360a11381000f

  • SHA1

    23893f035f8564dfea5030b9fdd54120d96072bb

  • SHA256

    6e068b9dcd8df03fd6456faeb4293c036b91a130a18f86a945c8964a576c1c70

  • SHA512

    336eca9569c0072e92ce16743f47ba9d6be06390a196f8e81654d6a42642ff5c99e423bfed00a8396bb0b037d5b54df8c3bde53757646e7e1a204f3be271c998

  • SSDEEP

    24576:ftncpVGP4I9FsEsyt8l+E+s1tB7parWM0+AL5QgZQvUXtAqlU0ZyMRp:epUP59FBJZEH1X1arF0vN/nX

Malware Config

Extracted

Family

darkgate

C2

http://80.66.88.145

Targets

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15