General

  • Target: 5d1218b97ae88e093951b73f8211dd0c.bin
  • Size: 1.6MB
  • Sample: 231011-pvbfeaga8s
  • MD5: 525877f322cd746009dac46605a25447
  • SHA1: 1b4d8de260fe5a5d92baa1a42bf73d61a6eb69db
  • SHA256: 76454fb381a1acb6caa6a58a7c8537c6d803b3d4fcc27388f18814f02ad9949a
  • SHA512: fa84968ed8bfe8a49d0462f35ed8a68a32766131148680f3cbd04f46cb52f8a178c2832133e43320fb5a7da7218fa5f079ce3865a14ac0ce56f0bf50bc2d07af
  • SSDEEP: 24576:UOKlQ6ce1/3lF/Xcuat/qs4xOSernxyH+Ig5YIbUjf7UhCXR5vxWWXL+n+LozhHG:klBHX6/4xpTAYPIhAvAWu+whHrQNCuH

Malware Config

Extracted

  • Family: darkgate
  • Botnet: AA11
  • C2: http://94.228.169.143

Attributes

  • alternative_c2_port: 8080
  • anti_analysis: true
  • anti_debug: true
  • anti_vm: false
  • c2_port: 2351
  • check_disk: false
  • check_ram: false
  • check_xeon: false
  • crypter_au3: true
  • crypter_dll: false
  • crypter_rawstub: false
  • crypto_key: bABouSDRyBocvj
  • internal_mutex: txtMut
  • minimum_disk: 100
  • minimum_ram: 4096
  • ping_interval: 4
  • rootkit: true
  • startup_persistence: true
  • username: AA11

Targets

    • Target: 049678cfcf03f4908e7dc5b5a8e12d89fa9eb576c7b508ee1f553c1e08fee7d8.msi
    • Size: 1.8MB
    • MD5: 5d1218b97ae88e093951b73f8211dd0c
    • SHA1: d9c2b229d47cfa5c3b4744b6cd79982f6db9c364
    • SHA256: 049678cfcf03f4908e7dc5b5a8e12d89fa9eb576c7b508ee1f553c1e08fee7d8
    • SHA512: b69233f31fbe685b8c9e2abf11284bae19dc83146d19650d233fc9bdf33888c414661070fbccee9367f3941c49180fbea6504ae751fa2e87b80138ee818e841d
    • SSDEEP: 49152:epUPfjpSNeHaHGYayNId4pWL56Hq05vHjYL57CBN4/6sT:epeeHGKId+W1n6/01kN4ysT

    • DarkGate
      DarkGate is an infostealer written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies file permissions
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
