darkgate | 2ffd2fd6ce48e9473299266cfab5e8143bf8e1b8fc7d7ef7cf33786be044a472 | Triage

Submit
Reports

Overview

overview

Static

static

1

8GMgV5a1fsLKxv.msi

windows7-x64

8GMgV5a1fsLKxv.msi

windows10-2004-x64

Sharing

General

Target

4b1b26a4b42e7a0198b3aaccede9293a760f7f1b4f373480be1c4bb33b2f74c6.zip
Size

1.9MB
Sample

240402-l61mwsef82
MD5

100ae3091455da0be0837c490607835f
SHA1

22e4fcc920038d73655967c68aa723345c8a246d
SHA256

2ffd2fd6ce48e9473299266cfab5e8143bf8e1b8fc7d7ef7cf33786be044a472
SHA512

83f5a19d980442f1be9d67e3578e789c62263173accec4d64ed238fada8acec171e1394f859f95c15ced9d3e7e89c2c2c6bf7f4f937a5aeca2034c738bf0311e
SSDEEP

49152:ZZF6w0jjfe2QkOMOkhYkhvCg9RFTJpA8pRjKIgrjW:ZZRcfHQkOMOkKCv9RFzzHuIuq

Score

10^/10

darkgate admin888 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

8GMgV5a1fsLKxv.msi

Resource

win7-20240221-en

darkgate admin888 discovery stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

8GMgV5a1fsLKxv.msi

Resource

win10v2004-20240226-en

darkgate admin888 discovery stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

newdomainfortesteenestle.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
443
check_disk
true
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
GWNUbwRE
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
false
username
admin888

Targets

- Target
  
  8GMgV5a1fsLKxv.msi
- Size
  
  4.3MB
- MD5
  
  643541e25802b30249ba4fd2f549e244
- SHA1
  
  df45dbb9c09775be5567cf8dd92b8bf8e77dcc43
- SHA256
  
  e5e94056346367f7a8cf31fd7a2a47b4004623f1c8b74cb8f5d6ae110bef134a
- SHA512
  
  8c8aa5e51f22fc9f3edf3c292b535963745599833b2041746141467a3a490ba92274dfafa27b2d896639a3ca25740261779c129c20e004daa0ea56e6937c66d8
- SSDEEP
  
  49152:ipUPP9qhCxzT+WKjSXsE6wsGjXZq5+iLirfmiiiiiiiiiQg7Xgnct6NymxAiOYUI:ipUCQHsWPieI5tjT
Score

10^/10

darkgate admin888 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoverystealer

behavioral2

darkgateadmin888discoverystealer

© 2018-2025

Terms | Privacy