General

  • Target

    c1955052a26634f3571423dc64d3fd10c55fdb27f29eb3afd292787693ffcf91.exe

  • Size

    3.2MB

  • Sample

    240719-jldxaatakg

  • MD5

    08fca0f27ed8f08ca2d47270c128d1e2

  • SHA1

    2368a3943cee09bf33a6e114a87a5863018e176a

  • SHA256

    c1955052a26634f3571423dc64d3fd10c55fdb27f29eb3afd292787693ffcf91

  • SHA512

    26086bb9f5eb74d07ecfa912f80e6970302046f51dbd6c113d78893bad51102fda37a680483cf3e914adc2383c5c004f74918440b16ab991d067bfef9cc85b18

  • SSDEEP

    49152:IgSMFHAPQ2WinZ5GbV0INQwm0MO+ltaOZJ:ISgtnZ5GbV0INQwbmH

Malware Config

Extracted

Family

darkgate

Botnet

trafikk897612561

C2

91.222.173.167

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    BkPLWikV

  • minimum_disk

    100

  • minimum_ram

    4095

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    trafikk897612561

Targets

    • Target

      c1955052a26634f3571423dc64d3fd10c55fdb27f29eb3afd292787693ffcf91.exe

    • Size

      3.2MB

    • MD5

      08fca0f27ed8f08ca2d47270c128d1e2

    • SHA1

      2368a3943cee09bf33a6e114a87a5863018e176a

    • SHA256

      c1955052a26634f3571423dc64d3fd10c55fdb27f29eb3afd292787693ffcf91

    • SHA512

      26086bb9f5eb74d07ecfa912f80e6970302046f51dbd6c113d78893bad51102fda37a680483cf3e914adc2383c5c004f74918440b16ab991d067bfef9cc85b18

    • SSDEEP

      49152:IgSMFHAPQ2WinZ5GbV0INQwm0MO+ltaOZJ:ISgtnZ5GbV0INQwbmH

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Command and Scripting Interpreter: AutoIT

      Using AutoIT for possible automate script.

MITRE ATT&CK Enterprise v15

Tasks