darkgate

General

Target

Mazoku.rar
Size

7.7MB
Sample

240327-q4256add72
MD5

562a55490f4719dbd30afce441f8a4fd
SHA1

ad524094f13ef4942dd77ca3ab3b693d57ae3292
SHA256

0548b90912c147102750c6b6e84504fa8f37f7143c288131a6e00793646024bc
SHA512

18cfb09c0978d6830980dc977b620d27e0f8f28c0ed32ec2db08a9a457c37553a5d33654cf7a458edd35ae66100fde129caf361f2b5d3d8d9c60acd6d09a97e4
SSDEEP

196608:w3QZXDD8kTaGTkpnwvH9IzFvW7sZhi442i3o/bc3K2Z+4ZtDVgU:wO8kuGTcnWdINW7ihiHsY3rL7Bh

Score

10^/10

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

badbutperfect.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
WZqqpfdY
minimum_disk
50
minimum_ram
4000
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Extracted

Family

vidar

Botnet

9e23613691aee9405b5fb64671c7c70e

C2

https://pvasms.top

https://steamcommunity.com/profiles/76561199658817715

https://t.me/sa9ok

Attributes

profile_id_v2
9e23613691aee9405b5fb64671c7c70e
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Targets

- Target
  
  #DarkGate/AutoHotkey.exe
- Size
  
  892KB
- MD5
  
  a59a2d3e5dda7aca6ec879263aa42fd3
- SHA1
  
  312d496ec90eb30d5319307d47bfef602b6b8c6c
- SHA256
  
  897b0d0e64cf87ac7086241c86f757f3c94d6826f949a1f0fec9c40892c0cecb
- SHA512
  
  852972ca4d7f9141ea56d3498388c61610492d36ea7d7af1b36d192d7e04dd6d9bc5830e0dcb0a5f8f55350d4d8aaac2869477686b03f998affbac6321a22030
- SSDEEP
  
  24576:bGzl9+a4Ne1nEFI56xU+0IdY2Zv952uetfbFEzP4UFhOt:b+tOWnEFZR0El0JEzQAh
Score

10^/10

darkgate admin888 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
behavioral1 behavioral2
- Target
  
  #Vidar/Setup.exe
- Size
  
  7.3MB
- MD5
  
  49b6bce6cd0111433969c39a62635f91
- SHA1
  
  0e34b4e770cc7d018b955bc14dabb205321e872c
- SHA256
  
  29345d9c6ff0106c9032b15e2c88f17bc8972ed843d1b5c044cf17d00f1d45c5
- SHA512
  
  4737663a5a6b30779650dcaa461b7751bfb735d2c906d04d877604db5a270f68205e0ff1240f2509f2835d885708b849759b10d22deff3bf0f03579bd1402ff8
- SSDEEP
  
  49152:/Ph7SQtfhuOhfEPOBjP9P6SOgjha5VKnRt3RQ9Wpvgt4sbVpEmVT1oG3vTROBYxI:ntBbz3q9QluER
Score

10^/10

vidar 9e23613691aee9405b5fb64671c7c70e stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detect DarkGate stealer

Detect Vidar Stealer

Vidar

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4