Analysis

  • max time kernel
    37s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2023, 09:20 UTC

General

  • Target

    DarkGateUnpacked.exe

  • Size

    481KB

  • MD5

    83037a444567a6d47b6221288cdad4e9

  • SHA1

    7cf2487dc111a590f9db5c041f9f3ad84622e044

  • SHA256

    6750f31ef5e1fe74c1121b0ab1308f93e09505a63322b6ce16fe04099ce8993e

  • SHA512

    15cce4f2c4e12c0e71a5fbbeb7c9074b3648a5adf50afeb4df5d57ab6dfd1a8a29a3a9d09dbfa71d8cc3aa46e4be7e99493872a88480639b4d1442ad559bcfd6

  • SSDEEP

    12288:73wfF2uWIOyAxbhWyElk3Xb8ruWqW3GMRIYQIpePqnu5/9aJCE:7S2uWyAXWyElwL8rjv3qYdpeP+u581

Score
10/10

Malware Config

Extracted

Family

darkgate

Botnet

AA11

C2

http://94.228.169.143

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    false

  • c2_port

    2351

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_rawstub

    false

  • crypto_key

    YZlHPyuiLOFTOL

  • internal_mutex

    txtMut

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    AA11

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\DarkGateUnpacked.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\DarkGateUnpacked.exe"
    PID: 2752
    • Checks processor information in registry

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2752-0-0x0000000000400000-0x0000000000480000-memory.dmp

    Filesize

    512KB
