darkgate | 5b3382faf060e55b994fb6fb9adc023b75ead723e0213c64fabd22a65f59e88c | Triage

Sharing

General

Target

data.zip
Size

1.4MB
Sample

240329-rfhbhsab9v
MD5

f12f73f6680af8008ead5f36bf0bb603
SHA1

a2baed066b275e827604cc537dc141237c3cd4a1
SHA256

5b3382faf060e55b994fb6fb9adc023b75ead723e0213c64fabd22a65f59e88c
SHA512

e56ac0c33e5e9f25a53b1df948b429a76b76a17a9209aa1e8e4f020f8eeed1214374217964c3e4dd84183362de07059762702f79256422e0e2ec5b139012b6c5
SSDEEP

24576:ZQq5mgRbTCJJd/pMpFYc/CDPqQTF/aCxWRdajKHew/9/V8lh69w6JxLahYuq:ZQebTCJbGtaDdaCxadajkPN8lhkxs9q

Score

10^/10

darkgate kaitoshiba123 stealer

Malware Config

Extracted

Family

darkgate

Botnet

kaitoshiba123

C2

45.63.52.184

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
8094
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
EhuJByqk
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
kaitoshiba123

Targets

- Target
  
  abc.exe
- Size
  
  39KB
- MD5
  
  f1b14f71252de9ac763dbfbfbfc8c2dc
- SHA1
  
  dcc2dcb26c1649887f1d5ae557a000b5fe34bb98
- SHA256
  
  796ea1d27ed5825e300c3c9505a87b2445886623235f3e41258de90ba1604cd5
- SHA512
  
  636a32fb8a88a542783aa57fe047b6bca47b2bd23b41b3902671c4e9036c6dbb97576be27fd2395a988653e6b63714277873e077519b4a06cdc5f63d3c4224e0
- SSDEEP
  
  768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
Score

10^/10

darkgate kaitoshiba123 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  data.bin
- Size
  
  1.4MB
- MD5
  
  f665637276f6e484d76cbfde36eed6c0
- SHA1
  
  4425e9963fa2cf196713f58dfba03e6dd5cacd98
- SHA256
  
  ea0016db4d327ba924da287eba745dc148f342ffbe3913e34dd4bc75c222a91d
- SHA512
  
  6df509a80c6eef9d7bd53581f41d56640e1acd941b00b2dbb8a42d3fa56e570267bd5b61eaf56eaae362a2bf3817e6fe7396fe18d2237bc7efce90ae2c08aa02
- SSDEEP
  
  24576:VaQV5IAwUwkqAeJYT/Cri5g6tDqyT3AobkdfIijXu10P81ked/e6oWe4OB9XRw7E:VaQznwfqAsg6VfT3AnZuaU9W6le4OB5r
Score

3^/10
behavioral3 behavioral4
- Target
  
  g2m.dll
- Size
  
  399KB
- MD5
  
  40a87fac95b1fee45a6660d56fe67930
- SHA1
  
  9f7a6a9f30885607d66d0d12c422d4ecf668fc6c
- SHA256
  
  52cceb7014050cfcecc7c10c7ea067b20c26dbf33cec0a9cef88cbddcb048836
- SHA512
  
  13d8661cd3357057ab8ae1fd01e32cec925b4451fa1068932b5227f82a3b0b15adc12ed260d03f3e376ccea680c23165e8ca67904534ca1ecc3f5795e5d77380
- SSDEEP
  
  6144:c1PrHGV3QVKxsytQJBxeMmQspEPhsGa3JB7UgG6H:c1PyV3AevQeEPhbiS
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatekaitoshiba123stealer

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6