darkgate | f73c8721b190b169fcea90b4999a9b7ddc6078bb9ed46d119118f2c9c9c2ffdc | Triage

Sharing

General

Target

0bae047a2fecd7a081f9980a7f754af4fa0c9e5eb41b937ab8448ef50edf820f.zip
Size

67KB
Sample

231116-s5xceaeb3v
MD5

ba01a5f7c8b26475bbca05705017dc6e
SHA1

ad92329a3473bae03247cf6ebe4a87559eba30c5
SHA256

f73c8721b190b169fcea90b4999a9b7ddc6078bb9ed46d119118f2c9c9c2ffdc
SHA512

aa0a7ec7bad9cd18cf2186d0dd1424434ef361d496c35142d73bacb9bda9043aa57e348e848fe6921b8a4465c053ee44ff05aec5b2b193cc24c8bd97a0524f17
SSDEEP

1536:Z9OmFXN1XfkFWI6i25aN/T49y8jlG37o1FDp7x:/OmF91XfOWI6r8T49NlMo1hp7x

Score

10^/10

darkgate a11111 stealer

Malware Config

Extracted

Family

darkgate

Botnet

A11111

C2

http://faststroygo.com

Attributes

alternative_c2_port
8080
anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_rawstub
true
crypto_key
sYEvPOjQglaHah
internal_mutex
txtMut
minimum_disk
100
minimum_ram
4096
ping_interval
4
rootkit
true
startup_persistence
true
username
A11111

Targets

- Target
  
  JNVEEN.js
- Size
  
  237KB
- MD5
  
  ea6fd6ca47514d9c632c119d73aef528
- SHA1
  
  0d47cbd6d19a17a57077cbc0d0aa659865458672
- SHA256
  
  c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde
- SHA512
  
  e20079b69e82eb48222635ef03a6f935871ea69f6d7715401ac208bbbb33a5af7fcb8c6c745364b31c2ee07e3f4bf2e5e5c2d1ae6ae87b795fa23230ead290ec
- SSDEEP
  
  6144:k7hgXeerjqlI2Iro+Qqn7hgXeerjqlI2Iro+JGxw:ehgSlI23W7hgSlI23Ct
Score

10^/10

darkgate a11111 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkgatea11111stealer

behavioral3

darkgatea11111stealer