Overview

overview

10

Static

static

1

ByI.vbs

windows7-x64

8

ByI.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ByI.vbs

  • Size

    14KB

  • Sample

    230927-rvpn5sbd3x

  • MD5

    1bac3ba2e3941dea6a6541961be54e80

  • SHA1

    5991e6f26e7c302708a4be73ffd56bca636009fc

  • SHA256

    643c85416ff830ae12c09960d837f39e2605cab1dc4dbdcf5de3ea383b5e27cc

  • SHA512

    38cf48e0a9b1521067b7f199b57996d0e434fe355b39492d5e3c594dae15769040624922f1cc94630475dd71e815514b47cddfc02e336673ec7b8649e771317a

  • SSDEEP

    24:6v/AE+kto64KBiHDmDHCWkqalW95VuF9/ITLBLdhXdHxjszxo+0Qg0:cn+kxJQyDHVxaM3cfI3RftuVvn

Score
10/10
darkgatestealer

Malware Config

Extracted

Family

darkgate

C2

http://94.228.169.143

Targets

    • Target

      ByI.vbs

    • Size

      14KB

    • MD5

      1bac3ba2e3941dea6a6541961be54e80

    • SHA1

      5991e6f26e7c302708a4be73ffd56bca636009fc

    • SHA256

      643c85416ff830ae12c09960d837f39e2605cab1dc4dbdcf5de3ea383b5e27cc

    • SHA512

      38cf48e0a9b1521067b7f199b57996d0e434fe355b39492d5e3c594dae15769040624922f1cc94630475dd71e815514b47cddfc02e336673ec7b8649e771317a

    • SSDEEP

      24:6v/AE+kto64KBiHDmDHCWkqalW95VuF9/ITLBLdhXdHxjszxo+0Qg0:cn+kxJQyDHVxaM3cfI3RftuVvn

    Score
    10/10
    darkgatestealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks