Resubmissions

16-12-2024 13:13

241216-qf4zvaskdj 10

16-12-2024 13:10

241216-qev1js1mbw 5

General

  • Target

    Archive 2.zip

  • Size

    738KB

  • Sample

    241216-qf4zvaskdj

  • MD5

    127e744962bc72c18cc274b6906576f8

  • SHA1

    28853a7fe1d821a5a7634ff3a50d5297ac44d247

  • SHA256

    95508f0ec2c4a2ea7a72beb4669d1dccf8e1c1d8efebbf4136d5eff1feefbde5

  • SHA512

    390c03667ab39109cd1e6dd9c48b55b9be4cd8e1fe17553190864e7c2f26d2da68da1ff9fe693385ed38bc997f0e3b6fadc7d336b4856141a8775af5e67db1a9

  • SSDEEP

    12288:s/EOTKmcI3EUsg2SmMKW9btSKhWIdmxGxl2R54xRBOoRP1eE9ng7i9iEZwXSk2+S:8EOqI3EfJSrKw5pW+yGSIRHRNeE9a0wS

Malware Config

Extracted

Family

darkgate

Botnet

drk3

C2

aspava-yachting.com

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    kDWIiPpI

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    drk3

Targets

    • Target

      autoit3.exe

    • Size

      872KB

    • MD5

      c56b5f0201a3b3de53e561fe76912bfd

    • SHA1

      2a4062e10a5de813f5688221dbeb3f3ff33eb417

    • SHA256

      237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    • SHA512

      195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    • SSDEEP

      12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Darkgate family

    • Detect DarkGate stealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

    • Command and Scripting Interpreter: AutoIT

      Using AutoIT for possible automate script.

MITRE ATT&CK Enterprise v15

Tasks