General

  • Target

    05022024_2208_chache.hta

  • Size

    73KB

  • Sample

    240205-rfekmabeap

  • MD5

    26daad505b15a76a4ae1be76f9c77488

  • SHA1

    70d2f0a9a4f51316f65ff8b895518c6fb824f4c7

  • SHA256

    4644c5cfe036b53190d6f36a2d9e3067ea05622481092ab05b55e5754e89ba2e

  • SHA512

    96e8cc6ea11bd22d9a3195f87c5d4e241e58a1c6fca2de4db1dab4a08d8cd4d4b7a9a51a7b478f16422c030cd675b7ab144015de8c87bcec03bc5c0568c26ffc

  • SSDEEP

    768:kohVndK3EFiaID3u1cP/wTgdok7h/ZdmYu7aZD0fJgPKOjLxphC8U4u4EeUeEgFa:kobndK4IDeshU3gfALti5Oz

Score
10/10

Targets

    • Target

      05022024_2208_chache.hta

    • DarkGate

      DarkGate is a loader and remote access trojan with infostealer capabilities, written in Delphi (it is frequently described as an "infostealer", but stealing is only one of its modules).

    • Detect DarkGate stealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process is created through NtCreateUserProcess with an explicitly chosen parent (parent PID spoofing), so the process tree shown by the sandbox or an EDR sees a benign-looking parent instead of the real creator.

    • Blocklisted process makes network request

      A process that has no legitimate reason to talk to the network (a living-off-the-land binary or an injected host process) opens a network connection.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence: the sample can refuse to run or change behaviour outside its target region, so a sandbox with the wrong locale may produce a clean-looking run.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

      vbc.exe, the Visual Basic .NET compiler, is launched as a host process. It is a signed Microsoft binary that ships with the .NET Framework, which is why it is a popular injection target.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the usual final step of process hollowing or thread hijacking: the thread's instruction pointer is redirected into injected code.
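The report above is mostly useful as a set of file hashes. The following script is an added example (it is not part of the sandbox report and not DarkGate's own code) that computes MD5, SHA1, SHA256 and SHA512 of a file in a single pass and matches each digest against the IOC set from this page, strongest algorithm first. The SSDEEP hash is deliberately left out: the standard library cannot compute it, and a fuzzy-hash comparison needs the third-party ssdeep bindings. The command-line usage and the 1 MiB read chunk size are my assumptions.

```python
"""Hash-based IOC check for the sample in this report (added example, not part
of the sandbox report). Computes MD5/SHA1/SHA256/SHA512 in one pass over the
input and compares each digest against the blocklist below."""
import hashlib
import sys
from typing import Dict, Iterable, Optional

# IOC set copied from the report above (lower-case hex).
DARKGATE_HTA_IOCS: Dict[str, str] = {
    "md5": "26daad505b15a76a4ae1be76f9c77488",
    "sha1": "70d2f0a9a4f51316f65ff8b895518c6fb824f4c7",
    "sha256": "4644c5cfe036b53190d6f36a2d9e3067ea05622481092ab05b55e5754e89ba2e",
    "sha512": "96e8cc6ea11bd22d9a3195f87c5d4e241e58a1c6fca2de4db1dab4a08d8cd4d4"
              "b7a9a51a7b478f16422c030cd675b7ab144015de8c87bcec03bc5c0568c26ffc",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
# Stronger algorithms first: a SHA256 hit is reported in preference to an MD5 hit.
MATCH_ORDER = ("sha512", "sha256", "sha1", "md5")


def _digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the input is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory buffer (handy for tests and for carved payloads)."""
    return _digest_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digests of a file on disk, read in chunk_size pieces (assumed 1 MiB)."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests: Dict[str, str],
               iocs: Dict[str, str] = DARKGATE_HTA_IOCS) -> Optional[str]:
    """Return the name of the strongest algorithm whose digest is in the IOC set,
    or None when nothing matches. Comparison is case-insensitive."""
    for name in MATCH_ORDER:
        expected = iocs.get(name)
        if expected and digests.get(name, "").lower() == expected.lower():
            return name
    return None


def check_file(path: str, iocs: Dict[str, str] = DARKGATE_HTA_IOCS):
    """Convenience wrapper: (digests, matched_algorithm_or_None) for one file."""
    digests = hash_file(path)
    return digests, match_iocs(digests, iocs)


if __name__ == "__main__":
    # Usage (assumed): python iocheck.py <file> [<file> ...]
    exit_code = 0
    for candidate in sys.argv[1:]:
        digests, hit = check_file(candidate)
        print(candidate, digests["sha256"], "MATCH via " + hit if hit else "clean")
        exit_code |= 1 if hit else 0
    sys.exit(exit_code)
```

The blocklist is keyed per algorithm so a partial IOC (only an MD5 from a vendor feed, say) still works; when several algorithms are available the strongest one wins, which matters because an MD5-only hit can be a collision rather than the sample.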
