darkgate | bb001420d0e81479431a80fd8e753097a43bfc1b90a955be131f44d5dfb0d80f | Triage

Submit
Reports

Overview

overview

Static

static

1

doomday.msi

windows7-x64

doomday.msi

windows10-2004-x64

Sharing

General

Target

55ceb913cdd2514c28c7fb4e5c26967aa9a9d71fdc81d408ad333c5dde7a8c6e.zip
Size

1.8MB
Sample

240402-l619esef85
MD5

813ab608582bf7037677401892f5f185
SHA1

4c720f56bcc2eb26d544ffb5a6e26761f97e0c92
SHA256

bb001420d0e81479431a80fd8e753097a43bfc1b90a955be131f44d5dfb0d80f
SHA512

ee5a73117e7d9707a5cd0f3553e84933f0c20bd07280c1d4f016c0116ef94929f7efe7e8376136c2993fa4a356b72a7a4c620e53bd1b0aa7eaa56907e095ad19
SSDEEP

49152:jDEVVWHSvKHt48OtW1HCNKx4yjgBUjZJGZn:XIkwUolB

Score

10^/10

darkgate admin888 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

doomday.msi

Resource

win7-20240221-en

darkgate admin888 discovery stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

doomday.msi

Resource

win10v2004-20240226-en

darkgate admin888 discovery stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

38.180.60.31

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
80
check_disk
true
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
yjuEPWsj
minimum_disk
30
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  doomday.msi
- Size
  
  3.7MB
- MD5
  
  426a59cd5e215e9f3696c1dcc8455d20
- SHA1
  
  255d113da1dc32c3b341e643c01e9f5a13e060de
- SHA256
  
  ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3
- SHA512
  
  4b684a97aa6d3b08459b69fb610b6ad5458de56c056f79e91e164cd8914f58ed8734ea4493bbac42c18982a80ffea30d6ba4306ef722bafc49debd4b0f68540a
- SSDEEP
  
  49152:TpUPbczduZ0Yx87nxODZGMFLnd+A1m4wcMO6XOf4BmCk2ZlZ:Tp1BB7nxOtFjfBwpOff4BmCk2Zl
Score

10^/10

darkgate admin888 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoverystealer

behavioral2

darkgateadmin888discoverystealer

© 2018-2025

Terms | Privacy