darkgate | 8abdcccd1e49663190b5071cdafeba3e8b4a4471bceaeaa5915a7ce17ceaf3a3 | Triage

Submit
Reports

Overview

overview

Static

static

1

NEAS.Invoice.msi

windows7-x64

NEAS.Invoice.msi

windows10-2004-x64

Sharing

General

Target

NEAS.Invoice.msi
Size

2.2MB
Sample

231116-rapteacc44
MD5

165dc9d8a2036c77094422d89913deff
SHA1

a1b668d163e9ab7a6a1654a27e7a2c46207caaf7
SHA256

8abdcccd1e49663190b5071cdafeba3e8b4a4471bceaeaa5915a7ce17ceaf3a3
SHA512

fd4d02211b820eb0c982fd55d9c37b0ba06f01cb1febc93ac76ba9637f58fcdaafd4656256e8589b10d04d7a4827f568b8f49d3a7bd8c6cf8fa44a1b09822388
SSDEEP

49152:upUPhwblqpM8LVFlJ52YIegQxBXkk1tHaOufTyhvPTCAzk9NoX+Ikgu:upgCpe/28pntpPohXgu

Score

10^/10

darkgate herady5 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

NEAS.Invoice.msi

Resource

win7-20231023-en

darkgate herady5 discovery stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.Invoice.msi

Resource

win10v2004-20231023-en

darkgate herady5 discovery stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

herady5

C2

http://167.114.199.65

Attributes

alternative_c2_port
2351
anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
2351
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
true
crypter_dll
false
crypter_rawstub
false
crypto_key
PuqpVjoUKJizHc
internal_mutex
chaCaA
minimum_disk
100
minimum_ram
4096
ping_interval
30
rootkit
true
startup_persistence
true
username
herady5

Targets

- Target
  
  NEAS.Invoice.msi
- Size
  
  2.2MB
- MD5
  
  165dc9d8a2036c77094422d89913deff
- SHA1
  
  a1b668d163e9ab7a6a1654a27e7a2c46207caaf7
- SHA256
  
  8abdcccd1e49663190b5071cdafeba3e8b4a4471bceaeaa5915a7ce17ceaf3a3
- SHA512
  
  fd4d02211b820eb0c982fd55d9c37b0ba06f01cb1febc93ac76ba9637f58fcdaafd4656256e8589b10d04d7a4827f568b8f49d3a7bd8c6cf8fa44a1b09822388
- SSDEEP
  
  49152:upUPhwblqpM8LVFlJ52YIegQxBXkk1tHaOufTyhvPTCAzk9NoX+Ikgu:upgCpe/28pntpPohXgu
Score

10^/10

darkgate herady5 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateherady5discoverystealer

behavioral2

darkgateherady5discoverystealer

© 2018-2025

Terms | Privacy