darkgate | 238d39c4fd48f4f42ce687c4d8a59c558f9eaae0df1a25d11076227bdb7e85c9 | Triage

Sharing

General

Target

07112023_2241_31ae2a2367b4fc.zip
Size

8.5MB
Sample

231107-r2jrgabg23
MD5

d50f31a8ec86e54f6ea4c239ee41cbbe
SHA1

9f36ec31386c57f23d151b6ea23d361640e6192c
SHA256

238d39c4fd48f4f42ce687c4d8a59c558f9eaae0df1a25d11076227bdb7e85c9
SHA512

836c02252227561a90b85ec637338b0671a3ee3272a88c67ea375214a4ecfd2b6e1b30db7099621777618c4fd9c4e7618bc991cdbfe7f60b76103ca4b6cffd0f
SSDEEP

196608:PTaOTx7XBKQEhrX1dvzb/5hH8qXzAvCHuCN1A/x8qz5plhbcYS+:L3x7AQEh71t5hH8qXz2Wp28qzYQ

Score

10^/10

darkgate user_871236672 discovery stealer

Malware Config

Extracted

Family

darkgate

Botnet

user_871236672

C2

http://8sjimonstersboonkonline.com

Attributes

alternative_c2_port
8080
anti_analysis
true
anti_debug
true
anti_vm
true
c2_port
2351
check_disk
false
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_rawstub
true
crypto_key
RndioOljcBmadZ
internal_mutex
txtMut
minimum_disk
42
minimum_ram
6001
ping_interval
4
rootkit
true
startup_persistence
true
username
user_871236672

Targets

- Target
  
  31ae2a2367b4fc.msi
- Size
  
  8.6MB
- MD5
  
  37593bb56df9b3ad6c9c8b777a7265ad
- SHA1
  
  ee06b5c4da2721323cfef688e48cf917c9f0edce
- SHA256
  
  92ffa8c1f772ff5487bb29f1539148bd6893ab4abf1de7ed603f84cbc39deddb
- SHA512
  
  f5e041d4ea406cf74fd43fec903ba98881d5762fffd8ee43a3a308a795eb0eeff093507b0b03f14497a5e30908fe5d5118c5a507ec10c78fc90c269f10ddfe2e
- SSDEEP
  
  196608:IeS5hV9/S6WXbfXlTrn7HZ5AQX3AveLukj1w9SyqunTiE7vS+:IdhVs6WXjX9HZ5AQX32WDjyqumI
Score

10^/10

darkgate user_871236672 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateuser_871236672discoverystealer

behavioral2