darkgate | 7d4115e88411e7bcac9ed622dbb6554ff4015c6f9fed98a5427970ceada526e6 | Triage

Resubmissions

03/10/2023, 09:59

231003-lz3tnshf91 10

03/10/2023, 03:21

231003-dwbxsahh45 10

Sharing

General

Target

bye.vbs
Size

19KB
Sample

231003-lz3tnshf91
MD5

a19d814f720701a258a6e8b5a22b22c9
SHA1

cbdcdefb3328f1473bb1da624ed2bf9515ffd2c3
SHA256

7d4115e88411e7bcac9ed622dbb6554ff4015c6f9fed98a5427970ceada526e6
SHA512

51b2a31f0c4fce15d87d1ab88d8e383ee7f8be0e9075183a22c6bfcca48dd30d43ca7987baf3c811ab11a4132199a31213d3096c91a645127f13b7703d3bd044
SSDEEP

384:fwcem3DxZbJ6TZZfOEcMR/vuvP3RhbWbdVIIo+T6ncfzeQhs7h7:YcXZ16/+MRSbbaX9yp7h7

Score

10^/10

darkgate stealer

Malware Config

Extracted

Family

darkgate

C2

http://searcherbigdealk.com

Targets

- Target
  
  bye.vbs
- Size
  
  19KB
- MD5
  
  a19d814f720701a258a6e8b5a22b22c9
- SHA1
  
  cbdcdefb3328f1473bb1da624ed2bf9515ffd2c3
- SHA256
  
  7d4115e88411e7bcac9ed622dbb6554ff4015c6f9fed98a5427970ceada526e6
- SHA512
  
  51b2a31f0c4fce15d87d1ab88d8e383ee7f8be0e9075183a22c6bfcca48dd30d43ca7987baf3c811ab11a4132199a31213d3096c91a645127f13b7703d3bd044
- SSDEEP
  
  384:fwcem3DxZbJ6TZZfOEcMR/vuvP3RhbWbdVIIo+T6ncfzeQhs7h7:YcXZ16/+MRSbbaX9yp7h7
Score

10^/10

darkgate stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkgatestealer