General

  • Target

    https://adclick.g.doubleclick.net/pcs/click?fjDXUU9854756-nov-6-2023kd&&adurl=https://namaacont.com/

  • Sample

    231109-x3bedadh59

Malware Config

Extracted

Family

darkgate

Botnet

PLEX

C2

http://jordanmikejeforse.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    8443

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    true

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    tpzaoQttssNrmv

  • internal_mutex

    txtMut

  • minimum_disk

    20

  • minimum_ram

    6000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    PLEX
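The attribute list above is only useful once its implications are spelled out: which analysis hosts the sample will refuse to run on, and what to hunt for on the wire. The following is an editor-added worked example, not code from the sandbox report and not DarkGate's own code. It assumes, since the page does not say, that minimum_ram is in MB, minimum_disk in GB, check_xeon looks for "Xeon" in the CPU brand string, and ping_interval is in seconds; the host profiles and proxy log lines are constructed.

```python
"""Editor-added worked example (not from the sandbox report and not DarkGate's
own code): what the extracted config above means in practice.

Assumptions not stated on the page: minimum_ram is in MB, minimum_disk in GB,
check_xeon looks for "Xeon" in the CPU brand string, and ping_interval is in
seconds. The host profiles and proxy log lines below are constructed."""
from dataclasses import dataclass
from datetime import datetime
from statistics import median
from urllib.parse import urlparse

# Transcribed from the Malware Config section of the report.
CONFIG = {
    "c2": "http://jordanmikejeforse.com",
    "c2_port": 8443,
    "alternative_c2_port": 8080,
    "ping_interval": 4,      # assumed seconds
    "anti_vm": True,
    "check_ram": True,
    "minimum_ram": 6000,     # assumed MB
    "check_disk": True,
    "minimum_disk": 20,      # assumed GB
    "check_xeon": True,
}


@dataclass
class HostProfile:
    """Hypothetical analysis host, constructed for the example."""
    name: str
    ram_mb: int
    disk_gb: int
    cpu_brand: str
    looks_virtual: bool   # hypervisor vendor strings, VM drivers, etc.


def failed_gates(cfg, host):
    """Return the config gates this host would fail; an empty list means the
    sample would proceed past its environment checks on that host."""
    failed = []
    if cfg["check_ram"] and host.ram_mb < cfg["minimum_ram"]:
        failed.append("ram")
    if cfg["check_disk"] and host.disk_gb < cfg["minimum_disk"]:
        failed.append("disk")
    if cfg["check_xeon"] and "xeon" in host.cpu_brand.lower():
        failed.append("xeon")
    if cfg["anti_vm"] and host.looks_virtual:
        failed.append("vm")
    return failed


def c2_indicators(cfg):
    """(hostname, {ports}) to hunt for, from c2 / c2_port / alternative_c2_port."""
    return urlparse(cfg["c2"]).hostname, {cfg["c2_port"], cfg["alternative_c2_port"]}


# Constructed proxy log: "<ISO timestamp> <client> <destination host:port>".
PROXY_LOG = """\
2023-11-09T14:00:00 10.0.0.5 jordanmikejeforse.com:8443
2023-11-09T14:00:04 10.0.0.5 jordanmikejeforse.com:8443
2023-11-09T14:00:08 10.0.0.5 jordanmikejeforse.com:8443
2023-11-09T14:00:12 10.0.0.5 jordanmikejeforse.com:8080
2023-11-09T14:00:01 10.0.0.7 jordanmikejeforse.com:443
2023-11-09T14:03:00 10.0.0.9 jordanmikejeforse.com:8443
"""


def find_beacons(cfg, log_text, min_hits=3, tolerance=1.0):
    """Return {client: median gap in seconds} for clients that reach the C2 host
    on a configured port at least min_hits times with a median gap within
    tolerance of ping_interval. Other ports on the same host are ignored here,
    so a hit on the bare hostname still deserves a separate DNS/proxy alert."""
    c2_host, c2_ports = c2_indicators(cfg)
    seen = {}
    for line in log_text.splitlines():
        ts, client, dst = line.split()
        host, port = dst.rsplit(":", 1)
        if host == c2_host and int(port) in c2_ports:
            seen.setdefault(client, []).append(datetime.fromisoformat(ts))
    beacons = {}
    for client, times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if abs(median(gaps) - cfg["ping_interval"]) <= tolerance:
            beacons[client] = median(gaps)
    return beacons


if __name__ == "__main__":
    hosts = [
        HostProfile("lean-sandbox", 4096, 20, "Intel Xeon E5-2680", True),
        HostProfile("bare-metal", 16384, 256, "Intel Core i7-9700", False),
    ]
    for h in hosts:
        print(f"{h.name}: fails {failed_gates(CONFIG, h) or 'nothing'}")
    print("beaconing clients:", find_beacons(CONFIG, PROXY_LOG))
```

The gate check is the practical reason to read these attributes: a default 4 GB, Xeon-backed VM fails three of the four checks, so a detonation on it tells you nothing. The beacon check keys on the exact host and ports the config names; a 4-second check-in is unusually chatty and makes the median-gap test reliable on a short window.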

Targets

    • Target

      https://adclick.g.doubleclick.net/pcs/click?fjDXUU9854756-nov-6-2023kd&&adurl=https://namaacont.com/

      A Google Ads click-tracking redirect: the adurl parameter forwards the browser to https://namaacont.com/, so doubleclick.net is only the redirector, not the host that serves the content.

    • DarkGate

      DarkGate is a loader and infostealer with remote-access capabilities. Its core is written in Delphi, not C++; a first-stage AutoIt script is commonly used as the loader (the crypter_au3 attribute above is false for this sample).

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

    • File and Directory Permissions Modification (T1222): 1

Discovery

    • Query Registry (T1012): 4
    • Peripheral Device Discovery (T1120): 2
    • System Information Discovery (T1082): 4

Tasks