General

  • Target

    01112023_2235_InstallerStart.msi

  • Size

    8.3MB

  • Sample

    231101-rx6ensaa31

  • MD5

    ae1cc1647c5530374ced0e755108073f

  • SHA1

    abb17ed6017bfa0417586f72722c44e8d65be1c4

  • SHA256

    b85d5fa9ff6d33988a931233a84a3545f0066dc0fc6c066d3465f0e090fd1c1a

  • SHA512

    e5007a11f44dd40ebd7dee049278d98d80124653961fa4d697488eb2dae136d93650c85be5816f5b065992fbbcce598180f4e5dc4cdf02c227494630eb67c357

  • SSDEEP

    196608:+kdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe3M4q:ldAirAzqVAnTPMgd+0ogHnF3MZ

Malware Config

Extracted

Family

darkgate

Botnet

ADS5

C2

http://sftp.bitepieces.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    443

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    true

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    rshaUPDveeNecx

  • internal_mutex

    txtMut

  • minimum_disk

    40

  • minimum_ram

    5000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    ADS5
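The extracted configuration above is directly actionable in two ways: the C2 host and both ports are network hunting indicators, and the check_disk / check_ram / check_xeon gates explain why the payload may stay dormant on a default-sized sandbox (less than 40 of disk, less than 5000 of RAM, or a CPU whose name contains "Xeon"). The following Python is an added example, not part of the sandbox report: the config dict is transcribed from the fields listed above, the disk unit (GB) and RAM unit (MB) are assumptions since the extractor does not state them, and the two host profiles are constructed to show one machine that trips every gate and one that passes.

```python
"""Turn the extracted DarkGate config into hunting indicators and check
whether a given analysis host would pass the sample's environment gates.
Added example; config values transcribed from the report, hosts constructed."""

from dataclasses import dataclass
from urllib.parse import urlparse

# Transcribed from the "Malware Config" section of the report.
DARKGATE_CONFIG = {
    "c2": "http://sftp.bitepieces.com",
    "c2_port": 443,
    "alternative_c2_port": 8080,
    "anti_vm": True,
    "check_disk": True,
    "minimum_disk": 40,      # unit assumed to be GB (not stated by the extractor)
    "check_ram": True,
    "minimum_ram": 5000,     # unit assumed to be MB (not stated by the extractor)
    "check_xeon": True,
    "internal_mutex": "txtMut",
    "username": "ADS5",
    "ping_interval": 4,
}


@dataclass
class HostProfile:
    """Constructed description of an analysis host; not taken from the report."""
    name: str
    disk_gb: int
    ram_mb: int
    cpu_name: str


# Constructed examples: a stock sandbox VM and one sized to pass the gates.
SANDBOX_HOSTS = [
    HostProfile("default-sandbox", disk_gb=30, ram_mb=4096,
                cpu_name="Intel(R) Xeon(R) CPU E5-2680 v4"),
    HostProfile("tuned-sandbox", disk_gb=120, ram_mb=8192,
                cpu_name="Intel(R) Core(TM) i7-9700"),
]


def c2_endpoints(cfg):
    """Expand the C2 URL plus primary and alternative port into host:port pairs."""
    host = urlparse(cfg["c2"]).hostname
    ports = {cfg["c2_port"], cfg["alternative_c2_port"]}
    return sorted(f"{host}:{port}" for port in ports)


def failed_env_checks(cfg, host):
    """Names of the config-driven gates this host trips; empty means the
    payload would proceed past its anti-analysis checks."""
    failed = []
    if cfg["check_disk"] and host.disk_gb < cfg["minimum_disk"]:
        failed.append("disk")
    if cfg["check_ram"] and host.ram_mb < cfg["minimum_ram"]:
        failed.append("ram")
    if cfg["check_xeon"] and "xeon" in host.cpu_name.lower():
        failed.append("xeon")
    return failed


def hunting_iocs(cfg):
    """Host- and network-side indicators an IR team would search for."""
    return {
        "network": c2_endpoints(cfg),
        "mutex": cfg["internal_mutex"],
        "campaign_id": cfg["username"],
        "ping_interval": cfg["ping_interval"],
    }


if __name__ == "__main__":
    print("IOCs:", hunting_iocs(DARKGATE_CONFIG))
    for host in SANDBOX_HOSTS:
        tripped = failed_env_checks(DARKGATE_CONFIG, host)
        print(f"{host.name}: {'runs' if not tripped else 'bails on ' + ', '.join(tripped)}")
```

Resizing the detonation VM so that failed_env_checks returns an empty list (and renaming or masking the CPU string if it reports a Xeon) is the practical takeaway; otherwise the sample can exit before any of the behaviours in the Targets section are observed.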

Targets

    • Target

      01112023_2235_InstallerStart.msi

    • DarkGate

      DarkGate is a commodity loader and infostealer with remote-access features, sold as malware-as-a-service; its core payload is written in Delphi.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
