General

  • Target

    mkpub_XJZ.vbs

  • Size

    3KB

  • Sample

    231002-qtstqsbb5w

  • MD5

    f291fb33af097675047e8818db037f7a

  • SHA1

    a3c614d7d71468d9a1018935fdcd5891c24c027c

  • SHA256

    8fa02af99bf10e756bc61dd214f3470ac85c2eb646c78f8fd2aa7932bc72c6bb

  • SHA512

    96c61b9ed56f3ea2545da04be878d46f98e056f37852176ffc02f986e3499a6af47cacb2bbf7a881a7bd117d09a5438f4ad03902f9fccc8f0fc0275f44e6b934

Score
10/10

Malware Config

Extracted

Family

darkgate

C2

http://81.19.135.17

Targets

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE