General

  • Target

    f7d4f261a959d790aaca39d1ebb9f26c4623c52c074776590394216bb810ff77.exe

  • Size

    6.7MB

  • Sample

    241219-pefp7atjft

  • MD5

    726baf607d5d6e364c3c610230e371b8

  • SHA1

    809f2cb846a766ff94b7fb86db7d4eab07883975

  • SHA256

    f7d4f261a959d790aaca39d1ebb9f26c4623c52c074776590394216bb810ff77

  • SHA512

    5494fa84d9049d75199aaf494e1a7fe72bf977853558d2ed1565530fd26345615e35eb79476bd28a187778004645597fa0960fc73085a783f97d64ff79482262

  • SSDEEP

    98304:FRXveERYHssF12MVwjbFGzdaDMF/Qi0GyREcBhmca3wjA5Ok/OyCF:FRbRYM612MVQbF8gOOCcBhmca3w0oF

Malware Config

Extracted

Family

darkgate

Botnet

drk3

C2

aspava-yachting.com

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    kDWIiPpI

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    drk3

Targets

    • Target

      f7d4f261a959d790aaca39d1ebb9f26c4623c52c074776590394216bb810ff77.exe

    • Size

      6.7MB

    • MD5

      726baf607d5d6e364c3c610230e371b8

    • SHA1

      809f2cb846a766ff94b7fb86db7d4eab07883975

    • SHA256

      f7d4f261a959d790aaca39d1ebb9f26c4623c52c074776590394216bb810ff77

    • SHA512

      5494fa84d9049d75199aaf494e1a7fe72bf977853558d2ed1565530fd26345615e35eb79476bd28a187778004645597fa0960fc73085a783f97d64ff79482262

    • SSDEEP

      98304:FRXveERYHssF12MVwjbFGzdaDMF/Qi0GyREcBhmca3wjA5Ok/OyCF:FRbRYM612MVQbF8gOOCcBhmca3w0oF

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Darkgate family

    • Detect DarkGate stealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Command and Scripting Interpreter: AutoIT

      Using AutoIT for possible automate script.

MITRE ATT&CK Enterprise v15

Tasks