Analysis

Max time kernel: 119s
Max time network: 122s
Platform: windows7_x64
Resource: win7-20231020-en
Resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
Submitted: 26-10-2023 15:26
Behavioral task: behavioral1
Sample: 26102023_2326_drkgate_data2.exe
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: 26102023_2326_drkgate_data2.exe
Resource: win10v2004-20231023-en
General

Target: 26102023_2326_drkgate_data2.exe
Size: 405KB
MD5: 2c48c5f619dd7ad5b6d4c36f56489a66
SHA1: 661371c42e8aec0364a46210706cab150e42ede4
SHA256: 14ed8ae1a9d44a500f57fa0273162907c05e31d8da92c474944bbd74f55d19b1
SHA512: 62f28bb6ce33ef5598587819f5ec56ccccf138eef7b3e2d165ac9a0aa3c11da1b5e3f457ebdb05690e3d052961630876552f61e2bbfdb89533d0ba7b3327ae00
SSDEEP: 6144:V5UTExW+vRaLjH5XVEqVomFDXfRhnJWoS1gAlCWZ44w:jUTExWnLjH5XVEqVvvnJWoSiAlTZ4
Malware Config

Extracted family: darkgate
Campaign/username: user_871236672
C2: http://hadfadf87yuadfad.com

alternative_c2_port: 8080
anti_analysis: true
anti_debug: true
anti_vm: true
c2_port: 2351
check_disk: true
check_ram: true
check_xeon: true
crypter_au3: false
crypter_dll: false
crypter_rawstub: true
crypto_key: CbTWFsAhFuOWYT
internal_mutex: txtMut
minimum_disk: 40
minimum_ram: 7000
ping_interval: 4
rootkit: true
startup_persistence: true
username: user_871236672
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.

Description        IoC                                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      26102023_2326_drkgate_data2.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  26102023_2326_drkgate_data2.exe