General

  • Target

    Dark_drop_2_pers_lum_clean.exe.bin.exe

  • Size

    4.7MB

  • Sample

    241115-wh1cbssmhj

  • MD5

    19888b7fe000d86bc63cf6a75a1e4c69

  • SHA1

    05ca780f0ba02d7b13d969560f02621ec94ff6cb

  • SHA256

    cc5c482229f5b9d1c88f6ff68abb7461de259749f6230932654bb5aaa3fddd88

  • SHA512

    06fadf1e5a002c6603f46206086b3b439ae912ae4c0cbf47289a018f544f7f174347e5d70eb759dd54fee564c4e1d224d3b71f516517fe0395a43553779ceb41

  • SSDEEP

    98304:p7kJzG+ACjCweJ43Nw8OYVW5UcH4kSymFQ/wtj+r:ZkJzG+AC+tJsqYcqE4kSymFzx+r

Malware Config

Extracted

Family

darkgate

Botnet

Derry

C2

164.132.5.124

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    1111

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    KfrfRZvc

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    Derry

Targets

    • Target

      Dark_drop_2_pers_lum_clean.exe.bin.exe

    • Size

      4.7MB

    • MD5

      19888b7fe000d86bc63cf6a75a1e4c69

    • SHA1

      05ca780f0ba02d7b13d969560f02621ec94ff6cb

    • SHA256

      cc5c482229f5b9d1c88f6ff68abb7461de259749f6230932654bb5aaa3fddd88

    • SHA512

      06fadf1e5a002c6603f46206086b3b439ae912ae4c0cbf47289a018f544f7f174347e5d70eb759dd54fee564c4e1d224d3b71f516517fe0395a43553779ceb41

    • SSDEEP

      98304:p7kJzG+ACjCweJ43Nw8OYVW5UcH4kSymFQ/wtj+r:ZkJzG+AC+tJsqYcqE4kSymFzx+r

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Darkgate family

    • Detect DarkGate stealer

    • Executes dropped EXE

    • Adds Run key to start application

    • Command and Scripting Interpreter: AutoIT

      Using AutoIT for possible automate script.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks