darkgate | 65557538089827a67b4aa9fa91faeb4d29c06904bf71b01626e4c94e01199b0d | Triage

Sharing

General

Target

03042024_0058_QB76678.zip
Size

1KB
Sample

240402-vg366aga37
MD5

c00c017286538eb1b93b9d759d5f3d60
SHA1

d939e59c907943671a767b7c31b8232cc25e1002
SHA256

65557538089827a67b4aa9fa91faeb4d29c06904bf71b01626e4c94e01199b0d
SHA512

71cd19e8ceb604dc322b4a9bac70df46e270558600595574ef31f3ad9fd95cd61da8e1cec450376f27835042a1bd0f4a3faa3c7187e72e22002c4655b84cde27

Score

10^/10

darkgate admin888 stealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

31yc.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
BduXyRPb
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  QB76678.vbs
- Size
  
  5KB
- MD5
  
  5887ae3cc4fb010b40b2bc51abfdc0a6
- SHA1
  
  b1ba11715fabbed6fb10065eedfcfe82e24057e4
- SHA256
  
  51cbe66857d56d31c77fd7c641f9ca51599094f5e6b57feebed3862a519a10d4
- SHA512
  
  29db154dd32298678a9d7c74330886dda95aace22c4dd624ace3b0dc6d870650ff7bd6af43c65a6d144afe2235fb93f15906b2e17849c8c051bf3e8972373531
- SSDEEP
  
  96:YMg1GM9rgkCDQYIwBZDclgjUQ4QYZFN3QjUuGNzUoHtDC8X3NXcy:YMg119gkCtL3IqSPN3QzGNzUoNJnNsy
Score

10^/10

darkgate admin888 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkgateadmin888stealer