Resubmissions

  • 26-12-2023 01:47: 231226-b7twmaedc9, score 10

  • 02-12-2023 09:15: 231202-k761mabc26, score 10

General

  • Target

    90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03.dll

  • Size

    2.7MB

  • Sample

    231226-b7twmaedc9

  • MD5

    6376c4e1fa2dcb1c73f178b675ea5840

  • SHA1

    c46e52b896bf3b53a6878d2b2386a9dc40377f19

  • SHA256

    90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03

  • SHA512

    d967d2e60b743bd57489c9edd0cf9d820d0ea749402be2dcb7b2e14a82828aa4c981b9fa32470d9f5fb208152e673eb3b9daf0485c53680548f5ea2619537494

  • SSDEEP

    24576:dHZrhn7olvHbxA7qQCzt/s7ry5SnCo44Bg85mwFXyEOdT1ZAIe9ae/K4wMIQb6Vo:dpqt7sU9s7r/HvCKPP

Score
10/10

Malware Config

Extracted

Family

darkgate

Version

5.2.8

Botnet

A11111

C2

http://trans1ategooglecom.com

http://saintelzearlava.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    true

  • crypto_key

    XiOwgXyDLNDEpj

  • internal_mutex

    txtMut

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    A11111

Targets

    • Target

      90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03.dll

    • Size

      2.7MB

    • MD5

      6376c4e1fa2dcb1c73f178b675ea5840

    • SHA1

      c46e52b896bf3b53a6878d2b2386a9dc40377f19

    • SHA256

      90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03

    • SHA512

      d967d2e60b743bd57489c9edd0cf9d820d0ea749402be2dcb7b2e14a82828aa4c981b9fa32470d9f5fb208152e673eb3b9daf0485c53680548f5ea2619537494

    • SSDEEP

      24576:dHZrhn7olvHbxA7qQCzt/s7ry5SnCo44Bg85mwFXyEOdT1ZAIe9ae/K4wMIQb6Vo:dpqt7sU9s7r/HvCKPP

    Score
    10/10
    • DarkGate

      DarkGate is an infostealer written in C++.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks