Resubmissions

03-11-2023 18:55

231103-xkzz1sah53 10

03-11-2023 18:43

231103-xczz2sge6z 10

03-11-2023 18:17

231103-ww7nkaga8x 10

General

  • Target: 04112023_0217_GGGGGElicnse.zip

  • Size: 65KB

  • Sample: 231103-xczz2sge6z

  • MD5: 7adff3b753b86dd76bf901eaf1fd0ab5

  • SHA1: 4bdd37c8f66c89ae3dba85a5101d1329156fa1f7

  • SHA256: cf4d7ebbd49811c02587417e1a74f79b9a997be243384ac39fb49ff9883d3e1f

  • SHA512: 626de3dd6149733a75a5b2b8e40c3a0934d1a8da7533ba8289059582f55f4333c0ed105b0563c115214a0ce1ab039521a6b2151925b73b24f64f6823e2f5f3cc

  • SSDEEP: 1536:o4nwR7ntI3tTeyBLdwFOxmSkq4m0BHEV5zETr:bwFAd1BLsO0q43Bsxm

Malware Config

Extracted

  • Family: darkgate

  • Botnet: user_871236672

  • C2: http://showmoreresultonliner.com

Attributes
  • alternative_c2_port: 8080

  • anti_analysis: true

  • anti_debug: true

  • anti_vm: true

  • c2_port: 2351

  • check_disk: true

  • check_ram: true

  • check_xeon: false

  • crypter_au3: false

  • crypter_dll: false

  • crypter_rawstub: true

  • crypto_key: DDfcMjFaEKfNOW

  • internal_mutex: txtMut

  • minimum_disk: 60

  • minimum_ram: 6000

  • ping_interval: 4

  • rootkit: true

  • startup_persistence: true

  • username: user_871236672

Targets

    • Target: GGGGGElicnse.js

    • Size: 253KB

    • MD5: bb897b6af926de14bba7e9752318061a

    • SHA1: 2dbd55f9cedb96553a18cb863e27b8d608cce40c

    • SHA256: ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f

    • SHA512: 9c0e544f9748339b1c6e480468f8d8fde1601ba9c2bf9c17c1d5858f640dc197ebd2dc93a78f3cb525f7bc8887ba45eb678e2dbbd52a3f9dbd65ae543672d09b

    • SSDEEP: 6144:de7hgXeerjqlI2Iro+W8Bne7hgXeerjqlI2Iro+8:dIhgSlI23J8pIhgSlI23V

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks