Analysis
max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 26-03-2024 16:25
Behavioral task: behavioral1
Sample: 27032024_0025_drkgate_2603.exe
Resource: win7-20240215-en (windows7-x64)
3 signatures, 150 seconds
General
Target: 27032024_0025_drkgate_2603.exe
Size: 452KB
MD5: a9e3f35e404ae681505001afce86b173
SHA1: a091dd3538d64cace85c017b60b047ebc3566c36
SHA256: 6ed1b68de55791a6534ea96e721ff6a5662f2aefff471929d23638f854a80031
SHA512: 3319df928307c8a8303f495edf399a1ef796426ee06a232d486e501cfb93460a439880396f849f41a125801af8e6700f70a0f049bde6cb6d88e6da062914d23c
SSDEEP: 6144:tnqtNwXtF9sSDTIITlWoIqKIkg9IDXJi7usWkm/pbyoaNnW5Wva1EpkXy9/:otNyt3NTlNIqPkg9IDX+C3GW06EpkC9
Malware Config
Extracted
Family: darkgate
Botnet: admin888
C2: withupdate.com
Attributes
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: VqunyHFY
minimum_disk: 50
minimum_ram: 4000
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin888
Signatures
Detect DarkGate stealer (1 IoC)
YARA rule hit, resource behavioral1/memory/2972-1-0x0000000000400000-0x0000000000471000-memory.dmp: family_darkgate_v6
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. On its own this read is low-signal, since legitimate system-information tools query the same value; here it corroborates the extracted config, which has anti_vm set to true.
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: 27032024_0025_drkgate_2603.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: 27032024_0025_drkgate_2603.exe)
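The extracted config and the two registry IoCs are the actionable parts of this report. The Python below is an added example, not part of the Triage report or the DarkGate sample: it parses the config values as listed above, derives the C2 host and port, the mutex and the evasion switches that are actually enabled, and flags the processor-information registry reads. CONFIG_TEXT and REGISTRY_EVENTS are constructed copies of the values on this page; the registry prefixes beyond the CentralProcessor path, and the reading that check_ram and check_disk gate minimum_ram and minimum_disk, are assumptions and should be checked against your own telemetry.

```python
"""Added example (not Triage or DarkGate code): turn this report's extracted
config and registry IoC rows into indicators an analyst can act on."""

from typing import Union

# Constructed inline from the report's "Malware Config" section.
CONFIG_TEXT = """
Family: darkgate
Botnet: admin888
C2: withupdate.com
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: VqunyHFY
minimum_disk: 50
minimum_ram: 4000
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin888
"""

# Constructed inline from the report's "Checks processor information" IoCs:
# (action, registry path, process).
REGISTRY_EVENTS = [
    ("Key opened",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0",
     "27032024_0025_drkgate_2603.exe"),
    ("Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString",
     "27032024_0025_drkgate_2603.exe"),
]

# Registry locations used to fingerprint the host. The first entry is the one
# this sample touched; the others are an assumed, analyst-maintained extension.
ANTI_ANALYSIS_REGISTRY_PREFIXES = (
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\VBoxGuest",
)

# Boolean switches in the extracted config, in the order the report lists them.
FLAG_KEYS = ("anti_analysis", "anti_debug", "anti_vm", "check_disk", "check_ram",
             "check_xeon", "rootkit", "startup_persistence")


def _coerce(value: str) -> Union[str, int, bool]:
    """Map the report's textual values onto bool / int / str."""
    low = value.strip().lower()
    if low == "true":
        return True
    if low == "false":
        return False
    if low.isdigit():
        return int(low)
    return value.strip()


def parse_config(text: str) -> dict:
    """Parse 'key: value' lines into a dict; lines without a colon are skipped."""
    cfg = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        cfg[key.strip()] = _coerce(value)
    return cfg


def c2_indicator(cfg: dict) -> tuple:
    """C2 host and port as a blockable pair; the scheme is not stated in the report."""
    return (cfg["C2"], cfg["c2_port"])


def enabled_evasions(cfg: dict) -> list:
    """Only the switches set to true matter for sandbox design."""
    return [k for k in FLAG_KEYS if cfg.get(k) is True]


def effective_thresholds(cfg: dict) -> dict:
    """Assumption: check_ram / check_disk gate minimum_ram / minimum_disk.
    With the check off, the threshold is dead config and must not drive VM sizing."""
    thresholds = {}
    if cfg.get("check_ram"):
        thresholds["minimum_ram"] = cfg["minimum_ram"]
    if cfg.get("check_disk"):
        thresholds["minimum_disk"] = cfg["minimum_disk"]
    return thresholds


def flag_registry_events(events: list) -> list:
    """Return the registry accesses that hit a known fingerprinting location."""
    prefixes = tuple(p.upper() for p in ANTI_ANALYSIS_REGISTRY_PREFIXES)
    return [{"action": action, "path": path, "process": process}
            for action, path, process in events
            if path.upper().startswith(prefixes)]


def summarize(cfg: dict, events: list) -> dict:
    host, port = c2_indicator(cfg)
    return {
        "c2": f"{host}:{port}",
        "mutex": cfg["internal_mutex"],
        "evasions": enabled_evasions(cfg),
        "thresholds": effective_thresholds(cfg),
        "anti_analysis_registry_reads": len(flag_registry_events(events)),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(parse_config(CONFIG_TEXT), REGISTRY_EVENTS), indent=2))
```

For this sample the summary carries withupdate.com:80 and the mutex VqunyHFY as indicators, lists anti_analysis, anti_vm and startup_persistence as the enabled switches, and returns no effective thresholds: minimum_ram 4000 and minimum_disk 50 are present in the config but check_ram and check_disk are both false, so a sandbox with less RAM would not, under this reading, be rejected on that basis.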