Resubmissions

  • 27-10-2023 17:41    231027-v9hqxsgb3s    10

  • 27-10-2023 17:25    231027-vzpfqahf58    10

  • 27-10-2023 17:25    231027-vy9p9shf56    10

General

  • Target

    28102023_0125_trumpet.js

  • Size

    134KB

  • Sample

    231027-vzpfqahf58

  • MD5

    63fdbf0bf47d957bc9e77b9bbc7cdaf0

  • SHA1

    3f3d8c96f6cf374c22dd6eac5a1c958482bbe829

  • SHA256

    5d7605d640f5ede04a0e61024513f386730bfa223f39ac0d4cf2830ea6dc8500

  • SHA512

    3c5e6568396ccd2fa63b993cab6c925af83b292a1d0f6e0f22c145c65e7723e698efd2613c202177c695e2038a0295855f8d9b7168815630be990430c2e51849

  • SSDEEP

    1536:hZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/08:UT9U7hgaX6eerjqlI2IO6Mzqf40Ml/

Malware Config

Extracted

Family

darkgate

Botnet

user_871236672

C2

http://profitcentronline.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    2351

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    true

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    KispcMbVooJeJD

  • internal_mutex

    txtMut

  • minimum_disk

    40

  • minimum_ram

    6000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    user_871236672

Targets

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
