General

  • Target

    03112023_0950_XAC21SDADXCADVASD3.zip

  • Size

    34KB

  • Sample

    231103-b9lyssac5x

  • MD5

    578b8ad53e86a39f7534d34831b999e6

  • SHA1

    6b007ad5d4892413328469f4280e4f2b3b745e8e

  • SHA256

    81caa473d18ad62f91cf713a1961d134b6943484008f7f07e08c921815475e61

  • SHA512

    b9c55a407407c8bbaef202353a4205f12c70ff393fdf34ec3dd3b15bb4a2ec2682e6f2e19bf976e84c549a0c9fc8eb238c15203b1b1e4d99fa6400f802cece42

  • SSDEEP

    768:a95XlQPC5CoZZt+A3Uh8lyQVn1Mv5Ww3MquY/9xEC2u:a95Xu7oZLUClZVnUMCME9su

Malware Config

Extracted

Family

darkgate

Botnet

user_871236672

C2

http://jeraldsin3dsajdklafdmonk.com

Attributes

  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    2351

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    jALdIGkuGDFSmI

  • internal_mutex

    txtMut

  • minimum_disk

    70

  • minimum_ram

    6000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    user_871236672

Targets

    • Target

      XAC21SDADXCADVASD3.js

    • Size

      135KB

    • MD5

      2bacda979c484df5fd7784c99fc455b7

    • SHA1

      428d1b68b85af4b318153f97d65214e3f6da19bd

    • SHA256

      bac9fd3ebd3834621e46688476885dca7005e78eda48bc9c1271bf9e203afc6a

    • SHA512

      6b4f40b7a76b9314c5c6513cc115e2665339181f3d88f50b165abb5a93f0575beeb204d52bc6af3180f3808a1abfb2bf54fd254a06fc9511ab7e651a1dce45d1

    • SSDEEP

      1536:BZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0t:0T9U7hgaX6eerjqlI2IO6Mzqfl

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks