darkgate | 27c1008f283ea779e96e487038c4f0a34c355439cb97790998df4a178baaa433 | Triage

Sharing

General

Target

infected.zip
Size

1.8MB
Sample

240319-sqv6ssfh5v
MD5

2afe086468b3a01449d10c35229c8c7c
SHA1

22fc9267defb93870b0690daf91d8bc27fdd39b1
SHA256

27c1008f283ea779e96e487038c4f0a34c355439cb97790998df4a178baaa433
SHA512

dc0e01c6fbcce34a1411f0b87e4c6acb07520736228fef8e010aad3622fe1793245b0b0feb6bbdd648933a493e18eb2414d256e9671616f031b0444bdefe9167
SSDEEP

49152:GRKMZDtDF3n4CyAuP7N8frrf5uK4lGzdvS/2itK:G5tuCZi7FK4lGz5S+itK

Score

10^/10

darkgate admin888 stealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

newdomainfortesteenestle.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
443
check_disk
false
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
ZLhPAWah
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
false
username
admin888

Targets

- Target
  
  libvlc.dll
- Size
  
  1.5MB
- MD5
  
  0a95072b247d25671784f7904ff96c2b
- SHA1
  
  7eb59ffc0798cfddbb81ab606778c361a223f3ac
- SHA256
  
  e05a7b47a4ddf8e85c1dd406fcf62d4cd3de7208212a6d0e9360c06e1acfc1bf
- SHA512
  
  b00f8e2b28dde8a88a923062c57cd727cceac6bb6db1e61b6600c3ed6dbf7a5559a673ea5e16bf4b538325b82137bd39c94765d8987210d9b63078cc571cc73f
- SSDEEP
  
  24576:CZNTqhx99zSBbP8N2xV1NLSswDgS3j4Hbo:MTqh39zs4yygS3
Score

1^/10
behavioral1 behavioral2
- Target
  
  sqlite3.dll
- Size
  
  1.6MB
- MD5
  
  7004c5b33f5e25bcf30296f0f73d9d9a
- SHA1
  
  c41409ebd54a2fcf6384c5da731ad72379d7bbe2
- SHA256
  
  f4fa5b3e56077d29e3877dbc1f2c8feb507fb4add72f6023ddb6af00bab7fcf7
- SHA512
  
  52a0d605dfcf4e07bd07c41c38e6e65eb91f6bdc7aad323d8b1c1b90b1bb2c093443a4567bb8c1dac2b67ef050c322e6b60a76c366b76176117650beebc3afbb
- SSDEEP
  
  24576:9XPfzUQIbegGBlr/yyVyny+eAoFQYpgfIOnSXdn0sJGvBtTT1OBLZvu6N0ar:OQIPGL/yyVy6DQ4gfpnSN0osBNd6N0ar
Score

1^/10
behavioral3 behavioral4
- Target
  
  vlc.exe
- Size
  
  966KB
- MD5
  
  035860e139ba6db1b38d5346cb6ff5b6
- SHA1
  
  d515303cbca3a8ae7a0463fecd418d81b314e650
- SHA256
  
  16197a321fc7b0a2a311e689621fe4a7cd50fdcb2d163973a31e4fd6352232d7
- SHA512
  
  14dab9108d85af72001631130923b94483dd1440f24a8eedad41756db3030c5e11e80ec894922c389e09c86e8b721bcbd8594bd3646f484560f89963a7e18cc7
- SSDEEP
  
  24576:le3xAibB85Z1HrWtB8z1L1OQJK5zzz3zzzozzz3zzz2w:wxAibBEZ1LWtBznvw
Score

10^/10

darkgate admin888 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

darkgateadmin888stealer

behavioral6

darkgateadmin888stealer