General

  • Target

    01112023_2236_start.js

  • Size

    134KB

  • Sample

    231101-ryn7sabf34

  • MD5

    dcd93074a58d3cee317dd14451943dac

  • SHA1

    9d57daddc2fd1202a8dc2dd12374f3c0d9416add

  • SHA256

    b1c78d7293024f04bd2b4f48e5be730f852a7171c977b192b612cb215efa8fa5

  • SHA512

    8a39bcd5d18fbebf20a1b20f95252ae12611c5a6a3571135e9c496c354e8d81a507c95ab3fa99bac0442cc64c501dd36e2be0385998d1396d317ef462b2b0905

  • SSDEEP

    1536:SZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0A:hT9U7hgaX6eerjqlI2IO6MzqfY

Score
10/10

Malware Config

Extracted

  • Family

    darkgate

  • Botnet

    ADS5

  • C2

    http://sftp.bitepieces.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    443

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    true

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    OTiRXoGVeWznZY

  • internal_mutex

    txtMut

  • minimum_disk

    40

  • minimum_ram

    5000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    ADS5

Targets

    Score
    10/10
    • DarkGate

      DarkGate is an infostealer written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
