darkgate | 5e94aa172460e74293db106a98327778ae2d32c6ce6592857a1ec0c581543572 | Triage

Sharing

General

Target

5e94aa172460e74293db106a98327778ae2d32c6ce6592857a1ec0c581543572
Size

7.7MB
Sample

231124-yc2djsdg83
MD5

6c3599836e9a3ee7839b5e214681cd94
SHA1

3fb8d21c788229278a7156cda7e8df9f92b25cf0
SHA256

5e94aa172460e74293db106a98327778ae2d32c6ce6592857a1ec0c581543572
SHA512

ad8f4555e9008f02079d002080c81d9c19a2b15a9739f6450ef2356cfe4ea1bb989e5c11921c440df4d9d90f67719be16ec830c1fedb7ee8aa3aa9264ef7a9bb
SSDEEP

98304:vpuKjsEZcgsdUqakFRFawTV82ASqQBW9vpWzxjFycvniqy33XglSB2CiU39q/C+w:B1NsUqai/pTOryNnxyXxBTir/R

Score

10^/10

darkgate user_871236672 discovery stealer

Malware Config

Extracted

Family

darkgate

Botnet

user_871236672

C2

http://taochinashowwers.com

Attributes

alternative_c2_port
8080
anti_analysis
true
anti_debug
true
anti_vm
true
c2_port
2351
check_disk
true
check_ram
true
check_xeon
true
crypter_au3
false
crypter_dll
false
crypter_rawstub
true
crypto_key
MImlcsfyPCPETh
internal_mutex
txtMut
minimum_disk
35
minimum_ram
6000
ping_interval
4
rootkit
true
startup_persistence
true
username
user_871236672

Targets

- Target
  
  5e94aa172460e74293db106a98327778ae2d32c6ce6592857a1ec0c581543572
- Size
  
  7.7MB
- MD5
  
  6c3599836e9a3ee7839b5e214681cd94
- SHA1
  
  3fb8d21c788229278a7156cda7e8df9f92b25cf0
- SHA256
  
  5e94aa172460e74293db106a98327778ae2d32c6ce6592857a1ec0c581543572
- SHA512
  
  ad8f4555e9008f02079d002080c81d9c19a2b15a9739f6450ef2356cfe4ea1bb989e5c11921c440df4d9d90f67719be16ec830c1fedb7ee8aa3aa9264ef7a9bb
- SSDEEP
  
  98304:vpuKjsEZcgsdUqakFRFawTV82ASqQBW9vpWzxjFycvniqy33XglSB2CiU39q/C+w:B1NsUqai/pTOryNnxyXxBTir/R
Score

10^/10

darkgate user_871236672 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateuser_871236672discoverystealer