darkgate | b2da2a7e096b70ea8c3fb755389ba54288a3ba73f823297f96eac2626e13c519 | Triage

Sharing

General

Target

start-update(repair).msi
Size

8.6MB
Sample

231027-he5kzscf8z
MD5

082c83b92f29817d2ebc366935f90a45
SHA1

15550445a12440fb21206aff6878d6d3ac029e8f
SHA256

b2da2a7e096b70ea8c3fb755389ba54288a3ba73f823297f96eac2626e13c519
SHA512

ffb8b072edc8bcbca1466ba4f232a0fe6009e080abad0a2b10d5c7dc26e5089c0f49e68a0a6ba1345e840e05d83e99dac2a98b1e20ff92a9318b00af64c4df04
SSDEEP

196608:fkdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe32FO7Oxuh/:sdAirAzqVAnTPMgd+0ogHnF35Oxe/

Score

10^/10

darkgate ads5 discovery stealer

Malware Config

Extracted

Family

darkgate

Botnet

ADS5

C2

http://sftp.noheroway.com

Attributes

alternative_c2_port
8080
anti_analysis
true
anti_debug
true
anti_vm
true
c2_port
443
check_disk
true
check_ram
true
check_xeon
true
crypter_au3
false
crypter_dll
false
crypter_rawstub
true
crypto_key
nblvjKzeozPOUG
internal_mutex
txtMut
minimum_disk
40
minimum_ram
7000
ping_interval
4
rootkit
true
startup_persistence
true
username
ADS5

Targets

- Target
  
  start-update(repair).msi
- Size
  
  8.6MB
- MD5
  
  082c83b92f29817d2ebc366935f90a45
- SHA1
  
  15550445a12440fb21206aff6878d6d3ac029e8f
- SHA256
  
  b2da2a7e096b70ea8c3fb755389ba54288a3ba73f823297f96eac2626e13c519
- SHA512
  
  ffb8b072edc8bcbca1466ba4f232a0fe6009e080abad0a2b10d5c7dc26e5089c0f49e68a0a6ba1345e840e05d83e99dac2a98b1e20ff92a9318b00af64c4df04
- SSDEEP
  
  196608:fkdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe32FO7Oxuh/:sdAirAzqVAnTPMgd+0ogHnF35Oxe/
Score

10^/10

darkgate ads5 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateads5discoverystealer

behavioral2

darkgateads5discoverystealer