darkgate | 1bd218a18ef1965769ccbb750a737879244fdbf33275bfa925dd237e05754f99 | Triage

Submit
Reports

Overview

overview

Static

static

1

ea673e0e69...b3.msi

windows7-x64

ea673e0e69...b3.msi

windows10-2004-x64

Sharing

General

Target

ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3.zip
Size

1.9MB
Sample

240402-l65lvaec4w
MD5

a1e25b462cb92179925f9e7caa7e24c9
SHA1

31a41b6c579894b02bab632fcc5c54f1d4575e92
SHA256

1bd218a18ef1965769ccbb750a737879244fdbf33275bfa925dd237e05754f99
SHA512

7294f075f707ecb0a2422a50d784190697c03007f976867a599efcdd9ca0984468f7caeba78fa9179f62e9d8ba8fc76e2bee4415bc43519e6fc55259a88e7127
SSDEEP

49152:n394IvUF9SXLhZviHF/5yRosJWWZ/KTN6IfmI34:3CnD8VQHF/hAWWq8I534

Score

10^/10

darkgate admin888 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3.msi

Resource

win7-20240221-en

darkgate admin888 discovery stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3.msi

Resource

win10v2004-20240226-en

darkgate admin888 discovery stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

38.180.60.31

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
80
check_disk
true
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
yjuEPWsj
minimum_disk
30
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3.msi
- Size
  
  3.7MB
- MD5
  
  426a59cd5e215e9f3696c1dcc8455d20
- SHA1
  
  255d113da1dc32c3b341e643c01e9f5a13e060de
- SHA256
  
  ea673e0e6986e41a73c19dd2a9cfde3d2d4186ef52c23c1253dde2d54faca7b3
- SHA512
  
  4b684a97aa6d3b08459b69fb610b6ad5458de56c056f79e91e164cd8914f58ed8734ea4493bbac42c18982a80ffea30d6ba4306ef722bafc49debd4b0f68540a
- SSDEEP
  
  49152:TpUPbczduZ0Yx87nxODZGMFLnd+A1m4wcMO6XOf4BmCk2ZlZ:Tp1BB7nxOtFjfBwpOff4BmCk2Zl
Score

10^/10

darkgate admin888 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoverystealer

behavioral2

darkgateadmin888discoverystealer

© 2018-2025

Terms | Privacy