Overview

overview

10

Static

static

1

ohmygodits...t.html

windows10-1703-x64

10

Resubmissions

26-03-2024 14:26

240326-rrx64sfb7y 10

26-03-2024 14:20

240326-rns3zsca85 4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ohmygoditsthefunkysh1t.html

  • Size

    3KB

  • Sample

    240326-rrx64sfb7y

  • MD5

    ace67f099683c4360f442c58da66aeba

  • SHA1

    2b90f1398b79331e8f853ddb004dcc87a1daf540

  • SHA256

    196bb36f7d63c845afd40c5c17ce061e320d110f28ebe8c7c998b9e6b3fe1005

  • SHA512

    02e2465e10ee581b04896dd77ee906542786b7662071befa9b6c07fca00862be063516030045fb29fdec1a68108aaf93cc30db24cd329776b1d316c9d7ca7073

Score
10/10
darkgateadmin888discoverypersistencestealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

withupdate.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    VqunyHFY

  • minimum_disk

    50

  • minimum_ram

    4000

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    admin888

Targets

    • Target

      ohmygoditsthefunkysh1t.html

    • Size

      3KB

    • MD5

      ace67f099683c4360f442c58da66aeba

    • SHA1

      2b90f1398b79331e8f853ddb004dcc87a1daf540

    • SHA256

      196bb36f7d63c845afd40c5c17ce061e320d110f28ebe8c7c998b9e6b3fe1005

    • SHA512

      02e2465e10ee581b04896dd77ee906542786b7662071befa9b6c07fca00862be063516030045fb29fdec1a68108aaf93cc30db24cd329776b1d316c9d7ca7073

    Score
    10/10
    darkgateadmin888discoverypersistencestealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Detect DarkGate stealer

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks