darkgate | 92c7797fa3014dc81b4ffe19e5c82703254a04b14548204a00a16afbfabd2543 | Triage

Submit
Reports

Overview

overview

Static

static

1

3bf9981051...7e.msi

windows7-x64

3bf9981051...7e.msi

windows10-2004-x64

Sharing

General

Target

3bf99810510c197b9cd6e434d95417515dbc42f94b11bbf9916ec160066eb77e.zip
Size

2.4MB
Sample

240402-l6z2cseb9y
MD5

fa4a4364bc07594dc8a86a02e2765efd
SHA1

d571289c42968b533bec1e0e29baaadb3458a102
SHA256

92c7797fa3014dc81b4ffe19e5c82703254a04b14548204a00a16afbfabd2543
SHA512

f253fad36d75b416b06f25ab6ba3e183b22f6d22609689aea35c78fd3499590ce10af4b2c016253a4f545cc3b777441ab8899eff2015a495be2cfb2c155f2412
SSDEEP

49152:XzEG+zF+6iw0/vGuzpuyDs+VLn+8fOkH189WEgxeGtk2ndrWRfU7s9rv5jrP:Xb+B+6iw02uzpu4TJ/VBxLkSSp7

Score

10^/10

darkgate admin888 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

3bf99810510c197b9cd6e434d95417515dbc42f94b11bbf9916ec160066eb77e.msi

Resource

win7-20240221-en

darkgate admin888 discovery stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

3bf99810510c197b9cd6e434d95417515dbc42f94b11bbf9916ec160066eb77e.msi

Resource

win10v2004-20240226-en

darkgate admin888 discovery stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

prodomainnameeforappru.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
443
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
WeBiMyRU
minimum_disk
50
minimum_ram
7000
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  3bf99810510c197b9cd6e434d95417515dbc42f94b11bbf9916ec160066eb77e.msi
- Size
  
  5.8MB
- MD5
  
  2999391319cda1be5dacfaf5b05062b2
- SHA1
  
  c983b7dff2ea4c63f3944e639eb54d0e6b0b655f
- SHA256
  
  3bf99810510c197b9cd6e434d95417515dbc42f94b11bbf9916ec160066eb77e
- SHA512
  
  1b9a7e5211979f37097c28122cbe99b5ec81ca3caa07944ddaba1afb2515ef3545f92bce35efa87914221016867f88b9b64c7a6a07e8e3f0cb556182047c7f27
- SSDEEP
  
  49152:NpUPFUhtSTK+0THkWsN8SDYdvH5eoQDWeEHHhRgWEF9nuriG7DrFWoRRRJuGgagL:NpMnFDcEWoVoFWRGga5q
Score

10^/10

darkgate admin888 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Modifies file permissions
  discovery
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoverystealer

behavioral2

darkgateadmin888discoverystealer

© 2018-2025

Terms | Privacy