darkgate | 255c0904241488153c4ee4f07bfbf5f8e8165aa32b73a8f5eb58c65dabf6fdec | Triage

Sharing

General

Target

files.cab
Size

3.6MB
Sample

240207-xcwydsgh5y
MD5

9e1703f962e0783e4554f48e0ff47fa6
SHA1

e451d50985eacf7b716870e0062f062003f327b5
SHA256

255c0904241488153c4ee4f07bfbf5f8e8165aa32b73a8f5eb58c65dabf6fdec
SHA512

09ee93e2dc06c046af86d7923b8b3f7884226f16b652e240a710945831b421993ad6abbd282be959329e8a3546fa1fa6eff964e81e76067b1e734d440fcff45d
SSDEEP

49152:Q9qhCxzT+WKjSXNJzLVI42Hdd8PWokdCvmmmmmmmmE/5vfH2xexG8JN6DB/:QCQNVLe5HXSW55vfHkexGsQ

Score

10^/10

darkgate admin888 discovery execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

strongdomainsercgerhhost.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
443
check_disk
true
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
VMKaaNDw
minimum_disk
70
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  iTunesHelper.exe
- Size
  
  358KB
- MD5
  
  ed6a1c72a75dee15a6fa75873cd64975
- SHA1
  
  67a15ca72e3156f8be6c46391e184087e47f4a0d
- SHA256
  
  0d8878cca08903777888b3681f90e4a07c7aef7d9600a67dfa985844d4bf5eda
- SHA512
  
  256c2ebfeb42c2d3340d8bb423ef0ae48d5fb9fe5ca09c363595f51a03007482b67a777e4cae7a8194f69bc3a3fbcdb9abb5c9f92097925272431bb9d50f5c03
- SSDEEP
  
  6144:TjZtNtzxEFQVLEhZbblN4W6ZDNFfEai23+FM2+zIv+98vS:ZRxMQLEhZXybF8Ut4o8a
Score

10^/10

darkgate admin888 discovery execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Darkgate family
  darkgate
- Detect DarkGate stealer
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoveryexecutionstealer

behavioral2

darkgateadmin888discoveryexecutionstealer

behavioral3

darkgateadmin888discoveryexecutionstealer