Overview

overview

10

Static

static

1

Report-26-2024[1].vbs

windows10-1703-x64

10

Report-26-2024[1].vbs

windows10-2004-x64

10

Report-26-2024[1].vbs

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Report-26-2024[1].vbs

  • Size

    6KB

  • Sample

    240329-vereksch2s

  • MD5

    2a4b987fdbd42a6a5cfbfdc334ce634f

  • SHA1

    9964d7287bb64f36231b751eb80608176fc8b687

  • SHA256

    cb65d95a1496fd2e5105954eb3046df90c4262f19fa7d7d77fa59b488348b040

  • SHA512

    4aabaf92a6bf309869ee2ab6eabb9081bb4b5fc57362d9b343fdc7e8eb010ef66512aa5e80056cdb9501f0602d413d325ccc81f1cff3ebe7756167d163d09b80

  • SSDEEP

    192:QMg119gkCtL3IqSPN3QzGNzUoNK9V4nN9:Ly19gR3IquNgzG2oN7r

Score
10/10
darkgateadmin888stealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

backupitfirst.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    SfUQxDje

  • minimum_disk

    50

  • minimum_ram

    4000

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    admin888

Targets

    • Target

      Report-26-2024[1].vbs

    • Size

      6KB

    • MD5

      2a4b987fdbd42a6a5cfbfdc334ce634f

    • SHA1

      9964d7287bb64f36231b751eb80608176fc8b687

    • SHA256

      cb65d95a1496fd2e5105954eb3046df90c4262f19fa7d7d77fa59b488348b040

    • SHA512

      4aabaf92a6bf309869ee2ab6eabb9081bb4b5fc57362d9b343fdc7e8eb010ef66512aa5e80056cdb9501f0602d413d325ccc81f1cff3ebe7756167d163d09b80

    • SSDEEP

      192:QMg119gkCtL3IqSPN3QzGNzUoNK9V4nN9:Ly19gR3IquNgzG2oN7r

    Score
    10/10
    darkgateadmin888stealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Detect DarkGate stealer

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks