Overview

overview

10

Static

static

1

1e070c7d2e26a.msi

windows7-x64

10

1e070c7d2e26a.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09112023_0912_1e070c7d2e26a.zip

  • Size

    8.4MB

  • Sample

    231109-bkkz7sef5s

  • MD5

    53d4c248a8da3693750137ef3475424d

  • SHA1

    4e467dfc2912637d894c98dda7222a91045dd9d0

  • SHA256

    cdd23d5f3168d63370d835eed644272de21b3ff86556053686a485b016fe381f

  • SHA512

    f9e005a872610c66bfca1b3bbccfef2a4768bdf9bbda12c2628b8308ed9abb7475f978ed9d0ad247925ed2b9121b17517735fc3d1f759317c93ac53d46c12612

  • SSDEEP

    196608:hr4E37/vBa+6ZrBRlfLT1vF7gkXJAv4bueB1s11YV+7MEfhVczTRBX1:hrX7/Q+6ZVRzvF7gkXJ2A9LVsMEf3cvt

Score
10/10
darkgateplexdiscoverystealer

Malware Config

Extracted

Family

darkgate

Botnet

PLEX

C2

http://homeservicetreking.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    8443

  • check_disk

    false

  • check_ram

    true

  • check_xeon

    true

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    UxRmvbdCWVKFVZ

  • internal_mutex

    txtMut

  • minimum_disk

    20

  • minimum_ram

    6000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    PLEX

Targets

    • Target

      1e070c7d2e26a.msi

    • Size

      8.5MB

    • MD5

      d63fda12b0bcaa5f916d6ee1d1b64315

    • SHA1

      8ec3ecd34f9e62a628c9a75744df348820d1ea2a

    • SHA256

      b2e6c0a826feb05452e6c2377fd0e365c269906c964d2ec7cc45b8608c49137e

    • SHA512

      9c13f112b5ca21332837954357bde4d1cc626e4d928cfbb5caad5a74595081fe82f39e85ff5f2107b81b1eb895f985459a83928762fdfbb8bee8642933a6ce9c

    • SSDEEP

      196608:SeS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9wiVIu653rGDRBX/:SdhVs6WXjX9HZ5AQX32WDSVo5bKBX/

    Score
    10/10
    darkgateplexdiscoverystealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks