Overview

overview

10

Static

static

1

Test_395-13959.vbs

windows7-x64

8

Test_395-13959.vbs

windows10-2004-x64

10

Resubmissions

04-10-2023 14:22

231004-rpmycsed29 10

04-10-2023 13:53

231004-q6y7aaeb22 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Test_395-13959.zip

  • Size

    6.9MB

  • Sample

    231004-q6y7aaeb22

  • MD5

    e338dea73983feaf5bb00fd510f995c1

  • SHA1

    e82c11612c0870e8175eafa8c9c5f9151d0b80d7

  • SHA256

    88b5e4b1b533c398d790fbe974b2b369d72268069dcc64b53a742f4d1361c6bf

  • SHA512

    1268a97a0afa4a7dff2a6b1429ec13143ce14c238a49f9b9cf3e8ee4adf0a1ebc388195b02a0a09a7a1ab7865eaed1d16826b7f3921111547f52158f2db14cbd

  • SSDEEP

    49152:LzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:V

Score
10/10
darkgatestealer

Malware Config

Extracted

Family

darkgate

C2

http://getldrrgoodgame.com

Targets

    • Target

      Test_395-13959.vbs

    • Size

      6.9MB

    • MD5

      5a9c56d5b6a4ae5fc402d99fa45f5598

    • SHA1

      d1572724ca4ecc99edaf4104f51385265bb27682

    • SHA256

      961372719771b69d8cf4d62f2b3703d7322544d16dc08036a217102382200498

    • SHA512

      5c9ab4ba5c102217077e6b4981f99c1bbf7e0a1842bfe38edcaa5e5b59d3c7bc11a8954eb8917d05dc7addc4023fbc0758e7ed2ddcce861503ff940fcad93e57

    • SSDEEP

      49152:jzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:t

    Score
    10/10
    darkgatestealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks