darkgate | cdd23d5f3168d63370d835eed644272de21b3ff86556053686a485b016fe381f | Triage

Sharing

General

Target

09112023_0912_1e070c7d2e26a.zip
Size

8.4MB
Sample

231109-bkkz7sef5s
MD5

53d4c248a8da3693750137ef3475424d
SHA1

4e467dfc2912637d894c98dda7222a91045dd9d0
SHA256

cdd23d5f3168d63370d835eed644272de21b3ff86556053686a485b016fe381f
SHA512

f9e005a872610c66bfca1b3bbccfef2a4768bdf9bbda12c2628b8308ed9abb7475f978ed9d0ad247925ed2b9121b17517735fc3d1f759317c93ac53d46c12612
SSDEEP

196608:hr4E37/vBa+6ZrBRlfLT1vF7gkXJAv4bueB1s11YV+7MEfhVczTRBX1:hrX7/Q+6ZVRzvF7gkXJ2A9LVsMEf3cvt

Score

10^/10

darkgate plex discovery stealer

Malware Config

Extracted

Family

darkgate

Botnet

PLEX

C2

http://homeservicetreking.com

Attributes

alternative_c2_port
8080
anti_analysis
true
anti_debug
true
anti_vm
true
c2_port
8443
check_disk
false
check_ram
true
check_xeon
true
crypter_au3
false
crypter_dll
false
crypter_rawstub
true
crypto_key
UxRmvbdCWVKFVZ
internal_mutex
txtMut
minimum_disk
20
minimum_ram
6000
ping_interval
4
rootkit
true
startup_persistence
true
username
PLEX

Targets

- Target
  
  1e070c7d2e26a.msi
- Size
  
  8.5MB
- MD5
  
  d63fda12b0bcaa5f916d6ee1d1b64315
- SHA1
  
  8ec3ecd34f9e62a628c9a75744df348820d1ea2a
- SHA256
  
  b2e6c0a826feb05452e6c2377fd0e365c269906c964d2ec7cc45b8608c49137e
- SHA512
  
  9c13f112b5ca21332837954357bde4d1cc626e4d928cfbb5caad5a74595081fe82f39e85ff5f2107b81b1eb895f985459a83928762fdfbb8bee8642933a6ce9c
- SSDEEP
  
  196608:SeS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9wiVIu653rGDRBX/:SdhVs6WXjX9HZ5AQX32WDSVo5bKBX/
Score

10^/10

darkgate plex discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateplexdiscoverystealer

behavioral2

darkgateplexdiscoverystealer