Overview

overview

10

Static

static

3

Tax_Docume...nt.exe

windows7-x64

10

Tax_Docume...nt.exe

windows10-2004-x64

10

Tax_Docume...32.dll

windows7-x64

10

Tax_Docume...32.dll

windows10-2004-x64

10

Resubmissions

16-04-2024 14:20

240416-rnhbgsdg2x 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    142257a8ebfb66cf873e1253d39d40dfee7af9ebb41b999031491c7f516b6fc4.zip.danger

  • Size

    7.1MB

  • Sample

    240416-rnhbgsdg2x

  • MD5

    b0dfd99b72aba5fd3265f20f901880ed

  • SHA1

    f2babb8e5cbeec1f4a3579328c06a36d1b5c0c67

  • SHA256

    142257a8ebfb66cf873e1253d39d40dfee7af9ebb41b999031491c7f516b6fc4

  • SHA512

    b3bd1577e44b3a7643f8a35ebf71a967650a063f542111789eebe4e34c9c70329da9d7a7a7e9b38315924053c2456a7a1d12c7cbadd9d49eebcb6ac38769b090

  • SSDEEP

    196608:MdxAvA9ODo51x75GQ3EoYsBOnKdMBnC/NnvrV:c+ASS7bUoNBOKdynsNvrV

Score
10/10
darkgateseal001persistencestealer

Malware Config

Extracted

Family

darkgate

Botnet

seal001

C2

185.196.220.194

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    zsVUqEDO

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    false

  • username

    seal001

Targets

    • Target

      Tax_Document/Tax_Document.exe

    • Size

      8.7MB

    • MD5

      480f8cf600f5509595b8418c6534caf2

    • SHA1

      dc13258ebb83bdf956523d751f67e29d6e4cf77e

    • SHA256

      6d8905ec0b1dfdc0a10d1cce40714ddd73205a09ad390b933ddbecdcf06a4cf2

    • SHA512

      f0bd99f68d59e80538fb276945d0f383394cb94a35c6d12ebd3e87061222249f78b9ca75716b33e36b66842b97c71149612111fcb6a8a3bc3a97635b03934aaf

    • SSDEEP

      196608:Ywdj1UbkCchr3rlFE8GCWhKUzGZ3gRTFHnBz58//o:Yw91Ubkxhr3rlFHWhKUzGZ3gRTFhzi/o

    Score
    10/10
    darkgateseal001persistencestealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Detect DarkGate stealer

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

    • Target

      Tax_Document/ielang32.dll

    • Size

      130.0MB

    • MD5

      ae4a69eeb05c3b94e7dc24181232d2df

    • SHA1

      358f2ed70031592e0a51fbe858bd5c60e12fde98

    • SHA256

      88d5c12ef3f3fd25f07b618b1a4b46924e481b74aae4a4c4b530ae286bb8dc17

    • SHA512

      fb2b4b4d15c88272e20fb9806799d263df42e03872fe59f31425d80db43d3e0a977143628ee3329c5ae48828e724be02f549a70e37c4162a4873b79852cd624f

    • SSDEEP

      98304:RVHQXidDnBW0hcthSDnqDO5rzRQfaxcxVOshMQ:Rki9gDmyhc6

    Score
    10/10
    darkgateseal001persistencestealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Detect DarkGate stealer

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks