darkgate | 185e3d9466117c81871a4acbdb26d6ad901ea2f063c96d888c33d507a5f41d7d | Triage

Submit
Reports

Overview

overview

Static

static

1

ea673e0e69...b3.msi

windows7-x64

ea673e0e69...b3.msi

windows10-2004-x64

Sharing

General

Target

ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3.zip
Size

1.9MB
Sample

240302-xx8spagc41
MD5

843b2a08ce56273be3f60dff6334595a
SHA1

65c2041376087e824b9279ce472e8a0d7817c262
SHA256

185e3d9466117c81871a4acbdb26d6ad901ea2f063c96d888c33d507a5f41d7d
SHA512

41f5c92e9fb03662e2ef2aef08d75a86c0caf02a8754ce3de462458fa090ac0e0ff3b8bdb92312aaf5cafd92a38d35bc41d4ac8d0fc8746fcde2344ae5f0c4da
SSDEEP

49152:QF3wR4s8ongqFq7Q3QyFjs2p552ZByovt:FRB8BPQ3xJpsyovt

Score

10^/10

darkgate admin888 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3.msi

Resource

win7-20240221-en

darkgate admin888 discovery stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3.msi

Resource

win10v2004-20240226-en

darkgate admin888 discovery stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

38.180.60.31

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
80
check_disk
true
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
yjuEPWsj
minimum_disk
30
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3.msi
- Size
  
  3.7MB
- MD5
  
  426a59cd5e215e9f3696c1dcc8455d20
- SHA1
  
  255d113da1dc32c3b341e643c01e9f5a13e060de
- SHA256
  
  ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3
- SHA512
  
  4b684a97aa6d3b08459b69fb610b6ad5458de56c056f79e91e164cd8914f58ed8734ea4493bbac42c18982a80ffea30d6ba4306ef722bafc49debd4b0f68540a
- SSDEEP
  
  49152:TpUPbczduZ0Yx87nxODZGMFLnd+A1m4wcMO6XOf4BmCk2ZlZ:Tp1BB7nxOtFjfBwpOff4BmCk2Zl
Score

10^/10

darkgate admin888 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoverystealer

behavioral2

darkgateadmin888discoverystealer

© 2018-2025

Terms | Privacy