darkgate | 07493b465f7075c2e003a6627d5b2663c5b9f88673d3bb84b680ac87ac3dada7 | Triage

Sharing

General

Target

14971c780f7708a9ea2d139bb874b5ed8269c216d617598795b9d4a5da7176ef.zip
Size

2.6MB
Sample

231022-vlbmpsdc28
MD5

e764de5d5900fe7b83a3677eedc61f9d
SHA1

3b8cb40a86aeb710e2d2d78f2f14cd7c5df5c15d
SHA256

07493b465f7075c2e003a6627d5b2663c5b9f88673d3bb84b680ac87ac3dada7
SHA512

742ebdd0b75c1d0f288ab6743bd81a39d4563058ce7a92a30fd60f4fb1790bdbcbb3494aaf64664d6abecf24d203de74cd0c60b7795ca97adf823e56ecfba4c8
SSDEEP

49152:qVt8d6flIrZbwKiY+/8dWSqo3o7x54fUt7Hmf8o4ZvykcU4:qzflXYN3ExOct7HzZal

Score

10^/10

darkgate ads5 discovery stealer

Malware Config

Extracted

Family

darkgate

Botnet

ADS5

C2

http://sftp.firestarted.com

Attributes

alternative_c2_port
8080
anti_analysis
true
anti_debug
true
anti_vm
true
c2_port
443
check_disk
true
check_ram
true
check_xeon
true
crypter_au3
false
crypter_dll
false
crypter_rawstub
true
crypto_key
fEOLPWGbELUQMh
internal_mutex
txtMut
minimum_disk
30
minimum_ram
6000
ping_interval
4
rootkit
true
startup_persistence
true
username
ADS5

Targets

- Target
  
  14971c780f7708a9ea2d139bb874b5ed8269c216d617598795b9d4a5da7176ef.msi
- Size
  
  2.7MB
- MD5
  
  d3498da83f0469d9b2f167bfa4a92eac
- SHA1
  
  76641e92daa75c6880cd4579962fb37636632a89
- SHA256
  
  14971c780f7708a9ea2d139bb874b5ed8269c216d617598795b9d4a5da7176ef
- SHA512
  
  c3b97a512eaf5916594da904cac663573fe1c4ef2bab34545d1a5a69c144b7ce2544716fd7bffaf281429dc2de9a62d50b9c4ac2118f88e1ef93b4f3c77b2886
- SSDEEP
  
  49152:kpUPkCQMukBtM5X1nMg1Y4m9UrlXGzQKlfeJ0kYrhSMjdi15wMq1XwlLBQj6PaZ:kpdczg71Y47WcKI0kYrE0dm9+wlCePi
Score

10^/10

darkgate ads5 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateads5discoverystealer

behavioral2

darkgateads5discoverystealer