darkgate | 8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4 | Triage

Submit
Reports

Overview

overview

Static

static

8

8a2edeef99...f4.exe

windows7-x64

8a2edeef99...f4.exe

windows10-2004-x64

Sharing

General

Target

8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4.exe
Size

4.2MB
Sample

240306-cx6m4sgg3z
MD5

74019cf8562c516c372e09ce02de7355
SHA1

3ce6f711cd1ad954b96cb98055a3a40dae8c9a65
SHA256

8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4
SHA512

7b41d9a1387ebdded1833a655166ffb2cd43b0eb490c5899bf72355a5e2e371b2d0be2231c5252b8fb2a569c92884e8a3391163207fdcb74e66edebcf5cfc771
SSDEEP

49152:1qCI3jRuBrxpU4hEZ/qCOyHcRdzFqivZaFChW7ZapGC8FXw+aPwEFtS5/BEc74fu:8CSsrxpU4hE1qCOeNiTGC89aZS2L

Score

10^/10

darkgate admin888 dave stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4.exe

Resource

win7-20240221-en

darkgate admin888 stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4.exe

Resource

win10v2004-20240226-en

darkgate admin888 stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

afdhf198jfadafdkfad.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
lrDcZuOq
minimum_disk
50
minimum_ram
7000
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4.exe
- Size
  
  4.2MB
- MD5
  
  74019cf8562c516c372e09ce02de7355
- SHA1
  
  3ce6f711cd1ad954b96cb98055a3a40dae8c9a65
- SHA256
  
  8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4
- SHA512
  
  7b41d9a1387ebdded1833a655166ffb2cd43b0eb490c5899bf72355a5e2e371b2d0be2231c5252b8fb2a569c92884e8a3391163207fdcb74e66edebcf5cfc771
- SSDEEP
  
  49152:1qCI3jRuBrxpU4hEZ/qCOyHcRdzFqivZaFChW7ZapGC8FXw+aPwEFtS5/BEc74fu:8CSsrxpU4hE1qCOeNiTGC89aZS2L
Score

10^/10

darkgate admin888 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkgateadmin888stealer

behavioral2

darkgateadmin888stealer

© 2018-2024

Terms | Privacy