darkgate | 2463dc75e435c7f0f0b13c55aa7870d1c2ab56378d334261a9a913685bacdd53 | Triage

Sharing

General

Target

15032024_1000_drkgate_1403.bin
Size

452KB
Sample

240315-ce81hsdg5t
MD5

5acc8f4e5baddb6804a0ec566fe3574f
SHA1

e99ea46e95868f8f5a1134f6d64f9f8652a15dd3
SHA256

2463dc75e435c7f0f0b13c55aa7870d1c2ab56378d334261a9a913685bacdd53
SHA512

b1ca3f140ea184a2baf9c32372f8ac7f9e6576c4b1be38a5f8a32de7d50f08bd5912f38f39c1d284f1f7783f87a8a087b4b2285ce063f49b80e3ea0845214303
SSDEEP

12288:FtkKpKF2q1F3WbaPio/TKvJzghvOXK7BOw:FtZA1F3WbaPio/OvJ09VU

Score

10^/10

darkgate admin888 stealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

nextroundst.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
NeONIafa
minimum_disk
50
minimum_ram
4000
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  15032024_1000_drkgate_1403.bin
- Size
  
  452KB
- MD5
  
  5acc8f4e5baddb6804a0ec566fe3574f
- SHA1
  
  e99ea46e95868f8f5a1134f6d64f9f8652a15dd3
- SHA256
  
  2463dc75e435c7f0f0b13c55aa7870d1c2ab56378d334261a9a913685bacdd53
- SHA512
  
  b1ca3f140ea184a2baf9c32372f8ac7f9e6576c4b1be38a5f8a32de7d50f08bd5912f38f39c1d284f1f7783f87a8a087b4b2285ce063f49b80e3ea0845214303
- SSDEEP
  
  12288:FtkKpKF2q1F3WbaPio/TKvJzghvOXK7BOw:FtZA1F3WbaPio/OvJ09VU
Score

10^/10

darkgate admin888 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

admin888darkgate

behavioral1

darkgateadmin888stealer

behavioral2

darkgateadmin888stealer