Overview

overview

10

Static

static

1

trefald.msi

windows7-x64

10

trefald.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a2bb0730657fcba380c280663c5e4174586fda123f7a6c6f270a9356229ed8b.zip

  • Size

    1.9MB

  • Sample

    240402-l6y43aef75

  • MD5

    9b0e9b381e0c4a27476edeaed431a5c9

  • SHA1

    c35f2d5fac66cdea7574342d916a9a29a5402579

  • SHA256

    b8c3f3119bbdcc44f23cd143033ffad6190fad35b69ff05d2d6462af9a765609

  • SHA512

    09f2bae8df0c8aadcd14148e25a2155d34af77808b4980578c3fb08d2c776f646d2be1066846e22066454fb7a1fa5e4146adcd00b7b1fed4aabe16db31d2a3b7

  • SSDEEP

    49152:inq0n1TbW6TsH1Yx6Eoj4/CZXhwWMFwfkZzZklS:iq0n1Tbu+6MC/wWGwfkzk4

Score
10/10
darkgateadmin888discoverystealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

newdomainfortesteenestle.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    443

  • check_disk

    false

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    ZLhPAWah

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    false

  • username

    admin888

Targets

    • Target

      trefald.msi

    • Size

      4.3MB

    • MD5

      693c4acd02bea0abe6223a62dc2d4016

    • SHA1

      d8f49b7896fb4e93cdb9602d604538cbdec2d043

    • SHA256

      1927c89e8514cc8d7516d4513331a6c461d00547d107ffb7985742c46806f8f5

    • SHA512

      435fb4c18e48a359b031c0c94d9cb31c49f4fff04b2df53ed3c29373446edca937f1af81d444d2199a505816ec9cc81a5bbf0ac5f6fb07bffb05f1a4182bfdbb

    • SSDEEP

      49152:ApUPZ9qhCxzT+WKjSXBuX/MDiypVytj5hgleknccaUBj6oz0aHxAiToxZyiWtB96:ApOCQk/K6hgg4HomJ

    Score
    10/10
    darkgateadmin888discoverystealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Detect DarkGate stealer

    • Modifies file permissions

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks