darkgate | 643c85416ff830ae12c09960d837f39e2605cab1dc4dbdcf5de3ea383b5e27cc | Triage

Submit
Reports

Overview

overview

Static

static

1

643c85416f...JC.vbs

windows7-x64

8

643c85416f...JC.vbs

windows10-2004-x64

Sharing

General

Target

643c85416ff830ae12c09960d837f39e2605cab1dc4dbdcf5de3ea383b5e27cc_JC.vbs
Size

14KB
Sample

230928-x55e8sfc49
MD5

1bac3ba2e3941dea6a6541961be54e80
SHA1

5991e6f26e7c302708a4be73ffd56bca636009fc
SHA256

643c85416ff830ae12c09960d837f39e2605cab1dc4dbdcf5de3ea383b5e27cc
SHA512

38cf48e0a9b1521067b7f199b57996d0e434fe355b39492d5e3c594dae15769040624922f1cc94630475dd71e815514b47cddfc02e336673ec7b8649e771317a
SSDEEP

24:6v/AE+kto64KBiHDmDHCWkqalW95VuF9/ITLBLdhXdHxjszxo+0Qg0:cn+kxJQyDHVxaM3cfI3RftuVvn

Score

10^/10

darkgate stealer

Static task

static1

Behavioral task

behavioral1

Sample

643c85416ff830ae12c09960d837f39e2605cab1dc4dbdcf5de3ea383b5e27cc_JC.vbs

Resource

win7-20230831-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

643c85416ff830ae12c09960d837f39e2605cab1dc4dbdcf5de3ea383b5e27cc_JC.vbs

Resource

win10v2004-20230915-en

darkgate stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

C2

http://94.228.169.143

Targets

- Target
  
  643c85416ff830ae12c09960d837f39e2605cab1dc4dbdcf5de3ea383b5e27cc_JC.vbs
- Size
  
  14KB
- MD5
  
  1bac3ba2e3941dea6a6541961be54e80
- SHA1
  
  5991e6f26e7c302708a4be73ffd56bca636009fc
- SHA256
  
  643c85416ff830ae12c09960d837f39e2605cab1dc4dbdcf5de3ea383b5e27cc
- SHA512
  
  38cf48e0a9b1521067b7f199b57996d0e434fe355b39492d5e3c594dae15769040624922f1cc94630475dd71e815514b47cddfc02e336673ec7b8649e771317a
- SSDEEP
  
  24:6v/AE+kto64KBiHDmDHCWkqalW95VuF9/ITLBLdhXdHxjszxo+0Qg0:cn+kxJQyDHVxaM3cfI3RftuVvn
Score

10^/10

darkgate stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkgatestealer

© 2018-2025

Terms | Privacy