darkgate | 5b5f06c9969bf17491cbe0adf51fff0c279f1a5906d91d4e2ad449af78cdc3d1 | Triage

Sharing

General

Target

bb897b6af926de14bba7e9752318061a.bin
Size

66KB
Sample

231105-dghrsaaa4x
MD5

a2962bbe39e7490938487b992c23bba5
SHA1

96f6f550358c66b4042a00304d56c08683479cb5
SHA256

5b5f06c9969bf17491cbe0adf51fff0c279f1a5906d91d4e2ad449af78cdc3d1
SHA512

c4ce0e934747743de1c7a7b5132db46aa793c7bd9ca4aab6afdf259f9e5393c2a17c129470447f5fcfda22a757ba96f367ca108bdd22ffd822bd4d36b0b1bb0c
SSDEEP

1536:k79o2d/B0BTcZUH3mFepO6Ab4MMHYTNaThF:SGBTcZ0plnasv

Score

10^/10

darkgate user_871236672 stealer

Malware Config

Extracted

Family

darkgate

Botnet

user_871236672

C2

http://showmoreresultonliner.com

Attributes

alternative_c2_port
8080
anti_analysis
true
anti_debug
true
anti_vm
true
c2_port
2351
check_disk
true
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_rawstub
true
crypto_key
DDfcMjFaEKfNOW
internal_mutex
txtMut
minimum_disk
60
minimum_ram
6000
ping_interval
4
rootkit
true
startup_persistence
true
username
user_871236672

Targets

- Target
  
  ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f.js
- Size
  
  253KB
- MD5
  
  bb897b6af926de14bba7e9752318061a
- SHA1
  
  2dbd55f9cedb96553a18cb863e27b8d608cce40c
- SHA256
  
  ae0f7106f8b0e11c5526a8f1326c4705266a24cc933b5caa4dca735692cd959f
- SHA512
  
  9c0e544f9748339b1c6e480468f8d8fde1601ba9c2bf9c17c1d5858f640dc197ebd2dc93a78f3cb525f7bc8887ba45eb678e2dbbd52a3f9dbd65ae543672d09b
- SSDEEP
  
  6144:de7hgXeerjqlI2Iro+W8Bne7hgXeerjqlI2Iro+8:dIhgSlI23J8pIhgSlI23V
Score

10^/10

darkgate user_871236672 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkgateuser_871236672stealer