darkgate | fd77b8c213b4a3629abca71de153ddb41b49eff69d781b2222efc16cec7dd04b | Triage

Submit
Reports

Overview

overview

Static

static

1

05022024_2...er.hta

windows7-x64

3

05022024_2...er.hta

windows10-2004-x64

Sharing

General

Target

05022024_2209_singer.hta
Size

72KB
Sample

240205-rf3x8aheb5
MD5

85c97d1919e8f1936ff6930495892788
SHA1

c547a5c5781d415bbec71189c48ac465a14514a1
SHA256

fd77b8c213b4a3629abca71de153ddb41b49eff69d781b2222efc16cec7dd04b
SHA512

618ebfb23e191c6b03da8ff1e2eca1db378c2ba0f1475d927d00c3a3459e18345c597901d6c622b6e7697db2739924911c9c8ff9d62d19e23dd0e5bb74f45c78
SSDEEP

768:W5sZHTGIH559B0P2pD4Lxj3COqibKnZw/OMN38u1LuvLutoLuV6lYWlY6CJNc1nT:syHKIHz9KP2SLxzj2LBdti5Oz

Score

10^/10

darkgate persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

05022024_2209_singer.hta

Resource

win7-20231215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

05022024_2209_singer.hta

Resource

win10v2004-20231215-en

darkgate persistence stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  05022024_2209_singer.hta
- Size
  
  72KB
- MD5
  
  85c97d1919e8f1936ff6930495892788
- SHA1
  
  c547a5c5781d415bbec71189c48ac465a14514a1
- SHA256
  
  fd77b8c213b4a3629abca71de153ddb41b49eff69d781b2222efc16cec7dd04b
- SHA512
  
  618ebfb23e191c6b03da8ff1e2eca1db378c2ba0f1475d927d00c3a3459e18345c597901d6c622b6e7697db2739924911c9c8ff9d62d19e23dd0e5bb74f45c78
- SSDEEP
  
  768:W5sZHTGIH559B0P2pD4Lxj3COqibKnZw/OMN38u1LuvLutoLuV6lYWlY6CJNc1nT:syHKIHz9KP2SLxzj2LBdti5Oz
Score

10^/10

darkgate persistence stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkgatepersistencestealer

© 2018-2025

Terms | Privacy