Resubmissions

04-10-2023 14:22

231004-rpmycsed29 10

04-10-2023 13:53

231004-q6y7aaeb22 10

General

  • Target: Test_395-13959.zip
  • Size: 6.9MB
  • Sample: 231004-rpmycsed29
  • MD5: e338dea73983feaf5bb00fd510f995c1
  • SHA1: e82c11612c0870e8175eafa8c9c5f9151d0b80d7
  • SHA256: 88b5e4b1b533c398d790fbe974b2b369d72268069dcc64b53a742f4d1361c6bf
  • SHA512: 1268a97a0afa4a7dff2a6b1429ec13143ce14c238a49f9b9cf3e8ee4adf0a1ebc388195b02a0a09a7a1ab7865eaed1d16826b7f3921111547f52158f2db14cbd
  • SSDEEP: 49152:LzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:V

Score
10/10

Malware Config

Extracted

Family: darkgate

Botnet: A1111

C2: http://getldrrgoodgame.com

Attributes
  • alternative_c2_port: 8080
  • anti_analysis: true
  • anti_debug: true
  • anti_vm: false
  • c2_port: 2351
  • check_disk: false
  • check_ram: false
  • check_xeon: false
  • crypter_au3: true
  • crypter_dll: false
  • crypter_rawstub: false
  • crypto_key: eYCqpouVyqrXSL
  • internal_mutex: txtMut
  • minimum_disk: 100
  • minimum_ram: 4096
  • ping_interval: 4
  • rootkit: true
  • startup_persistence: true
  • username: A1111

Targets

    • Target: Test_395-13959.vbs
    • Size: 6.9MB
    • MD5: 5a9c56d5b6a4ae5fc402d99fa45f5598
    • SHA1: d1572724ca4ecc99edaf4104f51385265bb27682
    • SHA256: 961372719771b69d8cf4d62f2b3703d7322544d16dc08036a217102382200498
    • SHA512: 5c9ab4ba5c102217077e6b4981f99c1bbf7e0a1842bfe38edcaa5e5b59d3c7bc11a8954eb8917d05dc7addc4023fbc0758e7ed2ddcce861503ff940fcad93e57
    • SSDEEP: 49152:jzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:t

    Score: 10/10
    • DarkGate: DarkGate is an infostealer written in C++.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks