darkgate | b016b4d6bae0db98203a8886360d5dd738121f8da27cb0607f6869d96f0724a2 | Triage

Submit
Reports

Overview

overview

Static

static

1

prtyhguafelif.msi

windows7-x64

prtyhguafelif.msi

windows10-2004-x64

Sharing

General

Target

186d9c0570ab746e82adf1c11e9dacfd66952958192e7e6cfd03561e2a66053f.zip
Size

1.9MB
Sample

240402-l6zetsef76
MD5

2ddd62fbb461ae748ac15c82bf65b763
SHA1

03a8b068e75696b34b68cb2b395628f3d53e4ff2
SHA256

b016b4d6bae0db98203a8886360d5dd738121f8da27cb0607f6869d96f0724a2
SHA512

7aabfbd9778b8ad7873c4421baf166bf743cf9b1783a68b8213fd5ed72bea788641a37b86800ade963df6f780ba0e8dfe41dc88b84ab350a0a56344adefa519e
SSDEEP

49152:Yeuteek4eo9zU+ZayLnJlMM4KbMbEbzM0rXRYzUVArPqC:VqC5r+ZaKXbVTRCUy3

Score

10^/10

darkgate admin888 discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

prtyhguafelif.msi

Resource

win7-20240319-en

darkgate admin888 discovery stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

prtyhguafelif.msi

Resource

win10v2004-20240226-en

darkgate admin888 discovery stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

newdomainfortesteenestle.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
false
c2_port
443
check_disk
false
check_ram
true
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
TFdsiUxb
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
false
username
admin888

Targets

- Target
  
  prtyhguafelif.msi
- Size
  
  4.3MB
- MD5
  
  34d86486c3fa02eee70fc0c0d4eefefe
- SHA1
  
  de35522f5d4981a272cc21e5900afe91516b5500
- SHA256
  
  3c130dd5bfba46230e49a87522411f716c4ef5ce8ff3c60ef450c5c5c2e75f45
- SHA512
  
  4e0cb69240f975e457db15389cc391ffe673f03d5b68113f3c43c4d6dd3714215ad9a7e3cee8eeeddaadf803ff024056f0ec592ed6b164f16136f27a970c707b
- SSDEEP
  
  49152:xpUP29qhCxzT+WKjSX2ull0vP7QwEm8dhPDg8cP5wpmC2eg+/xAiPr0ZHMWtBpG/:xppCQxlEDQwEm4d1c6pmC2e3/nIP
Score

10^/10

darkgate admin888 discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoverystealer

behavioral2

darkgateadmin888discoverystealer

© 2018-2025

Terms | Privacy