darkgate | 06cc011f34188a2156c18c1307fd625ac9a2ed916a4c7e01b40513a826bd24d0 | Triage

Sharing

General

Target

October-FTDs.xlsx.lnk
Size

1KB
Sample

231026-3cvm8abb86
MD5

f0a7c9b3858cfda3f16de7fa7a7958a8
SHA1

8777be6f9c0806cbd82cdac30a38403ebe2187de
SHA256

06cc011f34188a2156c18c1307fd625ac9a2ed916a4c7e01b40513a826bd24d0
SHA512

6258cd5da428864b0af3f96d1fce28a1efa04cf4d309bf65744e4c205b95a932ef69778b0fe61939c8d9736271b33c375f18e36785dc2e2888316248b723157d

Score

10^/10

darkgate civilian1111 stealer

Malware Config

Extracted

Family

darkgate

Botnet

civilian1111

C2

http://185.130.226.220

Attributes

alternative_c2_port
8080
anti_analysis
true
anti_debug
true
anti_vm
true
c2_port
2351
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_rawstub
true
crypto_key
vsAuhYDgOqBrvG
internal_mutex
txtMut
minimum_disk
100
minimum_ram
4096
ping_interval
5
rootkit
true
startup_persistence
true
username
civilian1111

Targets

- Target
  
  October-FTDs.xlsx.lnk
- Size
  
  1KB
- MD5
  
  f0a7c9b3858cfda3f16de7fa7a7958a8
- SHA1
  
  8777be6f9c0806cbd82cdac30a38403ebe2187de
- SHA256
  
  06cc011f34188a2156c18c1307fd625ac9a2ed916a4c7e01b40513a826bd24d0
- SHA512
  
  6258cd5da428864b0af3f96d1fce28a1efa04cf4d309bf65744e4c205b95a932ef69778b0fe61939c8d9736271b33c375f18e36785dc2e2888316248b723157d
Score

10^/10

darkgate civilian1111 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatecivilian1111stealer