General

  • Target

    02112023_2233_00pack.msi

  • Size

    8.3MB

  • Sample

    231102-rw846sfb77

  • MD5

    5d97d62b9c65ce53095c58bb977f1336

  • SHA1

    2d08cd587b7ec6c7afa71c60e9c045dc5f728d4b

  • SHA256

    32039dccac205468c9f43636815e636f4dc821081f495f4bacebbbaa6f05818d

  • SHA512

    8b5101b9d0e0812eb059d74b93ee570aba93e841d2c0ec58be5e06ba0fc60770e92639aded7fd87149a2626e33dec954b05a9c941de67a17abb4a8db65478c44

  • SSDEEP

    196608:BkdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe3l/3Ka:WdAirAzqVAnTPMgd+0ogHnF3l3

Malware Config

Extracted

  • Family

    darkgate

  • Botnet

    user_871236672

  • C2

    http://shsukadadyuikmmonk.com

Attributes

  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    2351

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    kPNVJIWEwOcGPL

  • internal_mutex

    txtMut

  • minimum_disk

    50

  • minimum_ram

    6001

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    user_871236672

Targets

    • Target

      02112023_2233_00pack.msi

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks