darkgate | 90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03 | Triage

Submit
Reports

Overview

overview

Static

static

3

90e38d684c...03.dll

windows7-x64

90e38d684c...03.dll

windows10-2004-x64

Resubmissions

26-12-2023 01:47

231226-b7twmaedc9 10

02-12-2023 09:15

231202-k761mabc26 10

Sharing

General

Target

90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03.dll
Size

2.7MB
Sample

231226-b7twmaedc9
MD5

6376c4e1fa2dcb1c73f178b675ea5840
SHA1

c46e52b896bf3b53a6878d2b2386a9dc40377f19
SHA256

90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03
SHA512

d967d2e60b743bd57489c9edd0cf9d820d0ea749402be2dcb7b2e14a82828aa4c981b9fa32470d9f5fb208152e673eb3b9daf0485c53680548f5ea2619537494
SSDEEP

24576:dHZrhn7olvHbxA7qQCzt/s7ry5SnCo44Bg85mwFXyEOdT1ZAIe9ae/K4wMIQb6Vo:dpqt7sU9s7r/HvCKPP

Score

10^/10

darkgate a11111 stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03.dll

Resource

win7-20231215-en

darkgate a11111 stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03.dll

Resource

win10v2004-20231215-en

darkgate a11111 stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Version

5.2.8

Botnet

A11111

C2

http://trans1ategooglecom.com

http://saintelzearlava.com

Attributes

alternative_c2_port
8080
anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
true
crypto_key
XiOwgXyDLNDEpj
internal_mutex
txtMut
minimum_disk
100
minimum_ram
4096
ping_interval
4
rootkit
true
startup_persistence
true
username
A11111

Targets

- Target
  
  90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03.dll
- Size
  
  2.7MB
- MD5
  
  6376c4e1fa2dcb1c73f178b675ea5840
- SHA1
  
  c46e52b896bf3b53a6878d2b2386a9dc40377f19
- SHA256
  
  90e38d684c63fee4e5d7bdd16c4409022bf9edfc7cf266b9e49936962ce37b03
- SHA512
  
  d967d2e60b743bd57489c9edd0cf9d820d0ea749402be2dcb7b2e14a82828aa4c981b9fa32470d9f5fb208152e673eb3b9daf0485c53680548f5ea2619537494
- SSDEEP
  
  24576:dHZrhn7olvHbxA7qQCzt/s7ry5SnCo44Bg85mwFXyEOdT1ZAIe9ae/K4wMIQb6Vo:dpqt7sU9s7r/HvCKPP
Score

10^/10

darkgate a11111 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkgatea11111stealer

behavioral2

darkgatea11111stealer

© 2018-2024

Terms | Privacy