Overview

overview

10

Static

static

3

2024-12-23...er.exe

windows7-x64

10

2024-12-23...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-23_1b46d77faf5e28b73a54fbb8623968d1_luca-stealer_magniber

  • Size

    4.9MB

  • Sample

    241223-ymzygazjhj

  • MD5

    1b46d77faf5e28b73a54fbb8623968d1

  • SHA1

    466b490653adde204527af534c140444fd078f7e

  • SHA256

    a75197137718a7ab7e63ed48f1ffae611768ad3c9a9babc65165ac5ec1131b4e

  • SHA512

    ae4e13cded9cfa7747b250e1ecb974b2099a333f831ecba30cf52ff3a67e412f2e8487ac7c7feeb0f1c970bc83b216cf398a375cdf3c962117ee5fca879a26a6

  • SSDEEP

    98304:TikqNYWjk6M3DfOzcO4sCsvgbBU54zCXBOooIk+JAj:TiTNjk6M3zOAOTxI8mCR4/L

Score
10/10
darkgatedrk3discoveryexecutionpersistencestealer

Malware Config

Extracted

Family

darkgate

Botnet

drk3

C2

harlemsupport.com

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    wvAQVXRk

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    drk3

Targets

    • Target

      2024-12-23_1b46d77faf5e28b73a54fbb8623968d1_luca-stealer_magniber

    • Size

      4.9MB

    • MD5

      1b46d77faf5e28b73a54fbb8623968d1

    • SHA1

      466b490653adde204527af534c140444fd078f7e

    • SHA256

      a75197137718a7ab7e63ed48f1ffae611768ad3c9a9babc65165ac5ec1131b4e

    • SHA512

      ae4e13cded9cfa7747b250e1ecb974b2099a333f831ecba30cf52ff3a67e412f2e8487ac7c7feeb0f1c970bc83b216cf398a375cdf3c962117ee5fca879a26a6

    • SSDEEP

      98304:TikqNYWjk6M3DfOzcO4sCsvgbBU54zCXBOooIk+JAj:TiTNjk6M3zOAOTxI8mCR4/L

    Score
    10/10
    darkgatedrk3discoveryexecutionpersistencestealer

    • DarkGate

      DarkGate is an infostealer written in C++.

      stealerdarkgate

    • Darkgate family

      darkgate

    • Detect DarkGate stealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Command and Scripting Interpreter: AutoIT

      Using AutoIT for possible automate script.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks