darkgate | 0bae047a2fecd7a081f9980a7f754af4fa0c9e5eb41b937ab8448ef50edf820f | Triage

Sharing

General

Target

NEAS.0bae047a2fecd7a081f9980a7f754af4fa0c9e5eb41b937ab8448ef50edf820f.zip
Size

67KB
Sample

231116-v8hdrsfd2x
MD5

1f70fb6ce081900dbf96b51204bd1ea3
SHA1

56adfe7fe3715265f22e770cc3e555ef2f9f9c4d
SHA256

0bae047a2fecd7a081f9980a7f754af4fa0c9e5eb41b937ab8448ef50edf820f
SHA512

400f2e41b1ac7da7d67e6489a21af07675a22c301a14cbc1222d193007a7d8276ab69314be9e6effaf012428808e94073e81ebc1d607673a5cf3db84aa3aa98b
SSDEEP

1536:P2LY/m7c+C2BWCrb1ckCms/Pw2qFUlNtOmascDhuHzRgbj9u5:OLYe7rfrb1cZmcPDvLascDhAOA

Score

10^/10

darkgate a11111 stealer

Malware Config

Extracted

Family

darkgate

Botnet

A11111

C2

http://faststroygo.com

Attributes

alternative_c2_port
8080
anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_rawstub
true
crypto_key
sYEvPOjQglaHah
internal_mutex
txtMut
minimum_disk
100
minimum_ram
4096
ping_interval
4
rootkit
true
startup_persistence
true
username
A11111

Targets

- Target
  
  JNVEEN.js
- Size
  
  237KB
- MD5
  
  ea6fd6ca47514d9c632c119d73aef528
- SHA1
  
  0d47cbd6d19a17a57077cbc0d0aa659865458672
- SHA256
  
  c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde
- SHA512
  
  e20079b69e82eb48222635ef03a6f935871ea69f6d7715401ac208bbbb33a5af7fcb8c6c745364b31c2ee07e3f4bf2e5e5c2d1ae6ae87b795fa23230ead290ec
- SSDEEP
  
  6144:k7hgXeerjqlI2Iro+Qqn7hgXeerjqlI2Iro+JGxw:ehgSlI23W7hgSlI23Ct
Score

10^/10

darkgate a11111 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkgatea11111stealer