darkgate | 56615b4952ef4120d50f68e32fcc74acf3b29630ffb43088db0808351fe04488 | Triage

Submit
Reports

Overview

overview

Static

static

1

e5e9405634...4a.msi

windows7-x64

e5e9405634...4a.msi

windows10-2004-x64

Sharing

General

Target

e5e94056346367f7a8cf31fd7a2a47b4004623f1c8b74cb8f5d6ae110bef134a.zip
Size

1.9MB
Sample

240402-l65lvaec4v
MD5

2f60e715686a4109102eb1d4fb04a635
SHA1

b5d321c0efbbabf8aba2579e9661182295131da4
SHA256

56615b4952ef4120d50f68e32fcc74acf3b29630ffb43088db0808351fe04488
SHA512

23bdc935b348626717ed09181168c1db29fa856af4af19d57281314d61fe7a88a2ccb9b2016006ec12aee2d48f8af758914482102f5f4b17b82cab3eb931c172
SSDEEP

49152:Kg9So5tI/xr7Amr+UrffwVbfHkSNlouAp1ECHMu:Kg88q/xrnr+UrQhfouAp/HMu

Score

10^/10

darkgate admin888 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

e5e94056346367f7a8cf31fd7a2a47b4004623f1c8b74cb8f5d6ae110bef134a.msi

Resource

win7-20240221-en

darkgate admin888 discovery stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5e94056346367f7a8cf31fd7a2a47b4004623f1c8b74cb8f5d6ae110bef134a.msi

Resource

win10v2004-20240226-en

darkgate admin888 discovery stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

newdomainfortesteenestle.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
443
check_disk
true
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
GWNUbwRE
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
false
username
admin888

Targets

- Target
  
  e5e94056346367f7a8cf31fd7a2a47b4004623f1c8b74cb8f5d6ae110bef134a.msi
- Size
  
  4.3MB
- MD5
  
  643541e25802b30249ba4fd2f549e244
- SHA1
  
  df45dbb9c09775be5567cf8dd92b8bf8e77dcc43
- SHA256
  
  e5e94056346367f7a8cf31fd7a2a47b4004623f1c8b74cb8f5d6ae110bef134a
- SHA512
  
  8c8aa5e51f22fc9f3edf3c292b535963745599833b2041746141467a3a490ba92274dfafa27b2d896639a3ca25740261779c129c20e004daa0ea56e6937c66d8
- SSDEEP
  
  49152:ipUPP9qhCxzT+WKjSXsE6wsGjXZq5+iLirfmiiiiiiiiiQg7Xgnct6NymxAiOYUI:ipUCQHsWPieI5tjT
Score

10^/10

darkgate admin888 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoverystealer

behavioral2

darkgateadmin888discoverystealer

© 2018-2025

Terms | Privacy