General

  • Target: Test_395-13959.vbs
  • Size: 6.9MB
  • Sample: 231004-ty8yasda5s
  • MD5: 5a9c56d5b6a4ae5fc402d99fa45f5598
  • SHA1: d1572724ca4ecc99edaf4104f51385265bb27682
  • SHA256: 961372719771b69d8cf4d62f2b3703d7322544d16dc08036a217102382200498
  • SHA512: 5c9ab4ba5c102217077e6b4981f99c1bbf7e0a1842bfe38edcaa5e5b59d3c7bc11a8954eb8917d05dc7addc4023fbc0758e7ed2ddcce861503ff940fcad93e57
  • SSDEEP: 49152:jzgZNELkkGo137QXFsHKCaEcFMICJ/r1lHszS6rY7fch38ZkcwMKvmLXhEbvYrTJ:t

Score: 10/10

Malware Config

Extracted

  • Family: darkgate
  • Botnet: A1111
  • C2: http://getldrrgoodgame.com

Attributes

  • alternative_c2_port: 8080
  • anti_analysis: true
  • anti_debug: true
  • anti_vm: false
  • c2_port: 2351
  • check_disk: false
  • check_ram: false
  • check_xeon: false
  • crypter_au3: true
  • crypter_dll: false
  • crypter_rawstub: false
  • crypto_key: eYCqpouVyqrXSL
  • internal_mutex: txtMut
  • minimum_disk: 100
  • minimum_ram: 4096
  • ping_interval: 4
  • rootkit: true
  • startup_persistence: true
  • username: A1111

Targets

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
