Resubmissions

29-02-2024 18:06

240229-wp2hzaha63 10

21-02-2024 01:41

240221-b4l2lshc4z 10

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-02-2024 01:41

General

  • Target

    21022024_0941_drkgate_20022024.exe

  • Size

    429KB

  • MD5

    480352d5b0008b8bec21765a66ab6c64

  • SHA1

    cb52310d9b7825ecd8a071f3a9d6b5e43f40c37d

  • SHA256

    743be14d9bc3bf267faffcb1d2508a5c86ad831f14b60e150a74a02e7f23176c

  • SHA512

    be2123d96dc98dd241bcb427789d0efd62d0dcc6a7e40f089ac9ec5e8bd7d4a83c6880a12999161d9ba1e8e9f1dd5e1c14cf337d33d133bc06c21401732f0688

  • SSDEEP

    6144:XOqCGE4YfqjtJwcQZpzZb5TA4dS7X9bHGJXoaX9z2SKHGJ9tc41j1R3+Il:LCGEytJwcQZhZbpA4d6ZCzrHJ9tcMd

Score
10/10

Malware Config

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

  • Detect DarkGate stealer 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\21022024_0941_drkgate_20022024.exe
    "C:\Users\Admin\AppData\Local\Temp\21022024_0941_drkgate_20022024.exe"
    • Checks processor information in registry
    PID:3036

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/3036-1-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB