darkgate | 1382affe383ade870ac87f4e4a466a1aa4fed32d96962324b6eaa1822e031adf | Triage

Submit
Reports

Overview

overview

Static

static

1

doomday.msi

windows7-x64

doomday.msi

windows10-2004-x64

Sharing

General

Target

55ceb913cdd2514c28c7fb4e5c26967aa9a9d71fdc81d408ad333c5dde7a8c6e.zip
Size

1.8MB
Sample

240302-xx6y4agc4v
MD5

dcb391646095f78fd516e73846a746a9
SHA1

bf575262562ef22d5f915deaa8c0bbc5cd80f1bf
SHA256

1382affe383ade870ac87f4e4a466a1aa4fed32d96962324b6eaa1822e031adf
SHA512

9478c4eec9a5441fd60c25f217d3a82db9de826886ca280ae12c2282c03da3ece9e8f2d722f0608c53efae48f0f42cfeba06a04669329a58feeb2fdeb889f4d8
SSDEEP

49152:kio1YyggWW3hMOAW9xalKTrF5dDiJQJw4DvZbuV1PMbjZDY:kNjgCy+fF512QJLkLM/e

Score

10^/10

darkgate admin888 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

doomday.msi

Resource

win7-20240215-en

darkgate admin888 discovery stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

doomday.msi

Resource

win10v2004-20240226-en

darkgate admin888 discovery stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

38.180.60.31

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
80
check_disk
true
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
yjuEPWsj
minimum_disk
30
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  doomday.msi
- Size
  
  3.7MB
- MD5
  
  426a59cd5e215e9f3696c1dcc8455d20
- SHA1
  
  255d113da1dc32c3b341e643c01e9f5a13e060de
- SHA256
  
  ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3
- SHA512
  
  4b684a97aa6d3b08459b69fb610b6ad5458de56c056f79e91e164cd8914f58ed8734ea4493bbac42c18982a80ffea30d6ba4306ef722bafc49debd4b0f68540a
- SSDEEP
  
  49152:TpUPbczduZ0Yx87nxODZGMFLnd+A1m4wcMO6XOf4BmCk2ZlZ:Tp1BB7nxOtFjfBwpOff4BmCk2Zl
Score

10^/10

darkgate admin888 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoverystealer

behavioral2

darkgateadmin888discoverystealer

© 2018-2025

Terms | Privacy