Overview

overview

10

Static

static

1

New folder...t3.exe

windows7-x64

3

New folder...t3.exe

windows10-2004-x64

3

New folder...te.bat

windows7-x64

10

New folder...te.bat

windows10-2004-x64

10

New folder/script.a3x

windows7-x64

3

New folder/script.a3x

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New folder.7z

  • Size

    619KB

  • Sample

    240509-j5eypagg2v

  • MD5

    eb0ff2dff443996a883ed48348477fee

  • SHA1

    1023b9ae9a1d4c26d008d9d7b786729059203d02

  • SHA256

    007e6640a49030d68af8679df6ef5b9ad7bb917396f6a2ab1b5eb72037ebf120

  • SHA512

    47f50e6695389642927dd291f48c60db08f733cfde61c321061c813138a65563b1c4f1deeb49f47b378f2a5ebd928ea7bccf293410eafb7120f700170cfebdb0

  • SSDEEP

    12288:Wlm6/dzw29ot0jNFay25MDkI1tUsZbqotLNsfgIWYLCkH4yKIn1ZBV8rCkFYOJ2P:MzN9M0jN1THLqotLN6gIWYWkH4XIn/8G

Score
10/10
darkgateadmin888executionstealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

kindupdates.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    VjpTnzOY

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    admin888

Targets

    • Target

      New folder/Autoit3.exe

    • Size

      872KB

    • MD5

      c56b5f0201a3b3de53e561fe76912bfd

    • SHA1

      2a4062e10a5de813f5688221dbeb3f3ff33eb417

    • SHA256

      237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    • SHA512

      195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    • SSDEEP

      12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01

    Score
    3/10
    behavioral1behavioral2

    • Target

      New folder/execute.bat

    • Size

      29B

    • MD5

      9cb80398908d1720da4a0ff9052280ab

    • SHA1

      ec13380c5a107ad18b08c546fc067f3ccd8fecfc

    • SHA256

      ecbdb7843d10d746282f0eddf1dc89ab7927e19102492711be4dc1b26ace13f1

    • SHA512

      29da0caa5142654408b34a9e2685030ff06bafc74c3ef413868954bbf29464d228079a3227db0bc4f1d666ef4fa22b62135d01b96bf98a17a8a7a9edaf8e3ab2

    Score
    10/10
    darkgateadmin888executionstealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Detect DarkGate stealer

    • Command and Scripting Interpreter: AutoIT

      Using AutoIT for possible automate script.

      execution
    behavioral3behavioral4

    • Target

      New folder/script.a3x

    • Size

      498KB

    • MD5

      04cdff477585cb0747ecd20052f03c2e

    • SHA1

      8eae88d58b300613fc506b5b7e4cbcb083c5a0a9

    • SHA256

      f3df02bf4d10415bfd8d33e0659c038465616e2190086a77dfbe0c73d229f68c

    • SHA512

      385765cd9fe12e85a906e43063e866ed3d221b65a6ba36ca4d02e9d1ec38094b68ed7830c4e9c5402485180af248a649e223269976e2ab20086d9c340ae5d7b1

    • SSDEEP

      6144:59Tm1YXhgkbIFW2soVLdqOnsNE/0+GQPNQTZAmTtlNcCPEXU9qIFJQgYjOWO21iO:5tm1TenOsEVGyYKCPEXUZFJij2wab0

    Score
    3/10
    behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks