Overview

overview

10

Static

static

1

3c130dd5bf...45.msi

windows7-x64

10

3c130dd5bf...45.msi

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c130dd5bfba46230e49a87522411f716c4ef5ce8ff3c60ef450c5c5c2e75f45.zip

  • Size

    1.9MB

  • Sample

    240402-l6z2cseb91

  • MD5

    7876b44e7b8b38408c7dc37074b98e56

  • SHA1

    bfd56490e2f3da0d08a46fbae51ffe3d54e2ad83

  • SHA256

    ae03ce0acee133d690dcba2f34588a810190d7de2d84dfda466c233758b39134

  • SHA512

    680f50034e0a20e63c312bca572eb85bab72841a92198522341651c806bb8bed63fdbde5e7b8f038cd9dc8af9bf4682fac92d6e6e921c29eeb3ead7e8ee408d7

  • SSDEEP

    49152:7Qd10U1iHSujh6y7n0pxJs7CvBQi/TmnDFdwRXGipG618om5Zyi:o14X7yXWCui/G+GiX1PmZyi

Score
10/10
darkgateadmin888discoverystealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

newdomainfortesteenestle.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    443

  • check_disk

    false

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    TFdsiUxb

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    false

  • username

    admin888

Targets

    • Target

      3c130dd5bfba46230e49a87522411f716c4ef5ce8ff3c60ef450c5c5c2e75f45.msi

    • Size

      4.3MB

    • MD5

      34d86486c3fa02eee70fc0c0d4eefefe

    • SHA1

      de35522f5d4981a272cc21e5900afe91516b5500

    • SHA256

      3c130dd5bfba46230e49a87522411f716c4ef5ce8ff3c60ef450c5c5c2e75f45

    • SHA512

      4e0cb69240f975e457db15389cc391ffe673f03d5b68113f3c43c4d6dd3714215ad9a7e3cee8eeeddaadf803ff024056f0ec592ed6b164f16136f27a970c707b

    • SSDEEP

      49152:xpUP29qhCxzT+WKjSX2ull0vP7QwEm8dhPDg8cP5wpmC2eg+/xAiPr0ZHMWtBpG/:xppCQxlEDQwEm4d1c6pmC2e3/nIP

    Score
    10/10
    darkgateadmin888discoverystealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Detect DarkGate stealer

    • Modifies file permissions

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks