darkgate | b5e3be1d34811cfa64393cec0987cb16f8e08a111109fd641c9b5416da4f3e7b | Triage

Submit
Reports

Overview

overview

Static

static

1

de69281050...ad.msi

windows7-x64

de69281050...ad.msi

windows10-2004-x64

6

Sharing

General

Target

de69281050c18627c8e75a3f4cdf933db77ace2a8dd13ef753f61ad6e0a405ad.zip
Size

1.6MB
Sample

240402-l65a3sec4t
MD5

093c809327704037dfc9f15504a6637e
SHA1

774eddc8f48f5f2451aabec2613b1709af31bef5
SHA256

b5e3be1d34811cfa64393cec0987cb16f8e08a111109fd641c9b5416da4f3e7b
SHA512

4bcf780843282a5352b00945845294aac7d8c41d04a003e5d92417bd92b03b676715ddd2cb38ed992f8caf2831c2bfb849c258697502dcaad69fc5e5e0a6d2c8
SSDEEP

49152:k3brHH2Zd5nWj4PUW/7/sSfYbPNy2XERTu2:InngrWcU2LsVxKu2

Score

10^/10

darkgate admin888 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

de69281050c18627c8e75a3f4cdf933db77ace2a8dd13ef753f61ad6e0a405ad.msi

Resource

win7-20240221-en

darkgate admin888 discovery stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

de69281050c18627c8e75a3f4cdf933db77ace2a8dd13ef753f61ad6e0a405ad.msi

Resource

win10v2004-20240226-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

pjnbadfjandkadm3kd.com

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
true
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
wVImrJRl
minimum_disk
100
minimum_ram
7000
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  de69281050c18627c8e75a3f4cdf933db77ace2a8dd13ef753f61ad6e0a405ad.msi
- Size
  
  3.2MB
- MD5
  
  6922c8d97e6d60135a3c55302ce1eecf
- SHA1
  
  f3714edb96b5db59b392058292ed486dfd3d3629
- SHA256
  
  de69281050c18627c8e75a3f4cdf933db77ace2a8dd13ef753f61ad6e0a405ad
- SHA512
  
  2477b8432ffd9a0873608d978b30a8eea129d6180a18437a3a204c875ec2469e4eb0db2a6c52b6d2bb3e1881fcb0e1e29934d73608499694545cfdda5bf53494
- SSDEEP
  
  49152:qpUPqczdMZnZajVw8XsmOL8ruQO7/rsGQNTRJD+jQW/XRaWEr1bCU:qpmBUZaZw8u8rJOjrsG2apKGU
Score

10^/10

darkgate admin888 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoverystealer

behavioral2

© 2018-2025

Terms | Privacy