darkgate | 695447796ff245ab4531d092f4cb566e79e1aafd9b5c28f606059fdeafbbe6b6 | Triage

Submit
Reports

Overview

overview

Static

static

3

Tax_Docume...RS.dll

windows7-x64

Tax_Docume...RS.dll

windows10-2004-x64

Tax_Docume...nt.exe

windows7-x64

Tax_Docume...nt.exe

windows10-2004-x64

Sharing

General

Target

05042024_0242_Tax_Document.zip
Size

1.3MB
Sample

240404-xcdf2sfa6x
MD5

268e1927c0b44ab25b8b1ee361dfa0ce
SHA1

21082b0b99a0a19313f11d09eed3a7b430d39125
SHA256

695447796ff245ab4531d092f4cb566e79e1aafd9b5c28f606059fdeafbbe6b6
SHA512

8232c923930e2d6eb51cad4b87af1837a8f93f8676d2ad957eb84aac55c10c7f3240b69f66c20168bb583df0ee2759fd0f4d0303446d20e2b04d2791d53c6833
SSDEEP

24576:drS/FQQzGKHP6zFmsp2anGjYq5tovAFswx+7G2RabHaaMh4:da7yKvkmsetov0WGvj2h4

Score

10^/10

darkgate seal1 stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Tax_Document/IVIEWERS.dll

Resource

win7-20240221-en

darkgate seal1 stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Tax_Document/IVIEWERS.dll

Resource

win10v2004-20240226-en

darkgate seal1 stealer

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

Tax_Document/Tax_Document.exe

Resource

win7-20240221-en

darkgate seal1 stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

Tax_Document/Tax_Document.exe

Resource

win10v2004-20240226-en

darkgate seal1 stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

seal1

C2

193.142.146.203

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
AVUHIwtf
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
false
username
seal1

Targets

- Target
  
  Tax_Document/IVIEWERS.dll
- Size
  
  2.4MB
- MD5
  
  cd8fff708a1a99a4d3b5bfec49ae278a
- SHA1
  
  367050b2323952b52a11fcb55dd359e59637a884
- SHA256
  
  cbf2ceb3c5ebc6f1d8c09f3098176ded9503800cba77cfefa25ea9e0a8085ae3
- SHA512
  
  80485ca1ee306b2f9e6b18d747bfc148c3f69f98f58ade8d675babbabff20e4d387a3bb83e1ab05aff166a29df4eefeed8df989d2c8af339e68b4d365064eb68
- SSDEEP
  
  49152:fLRISHEkoozx3u4+iTjaipEluOhYBUvqQENPvGzf:fLRZzx3nql1UUSQENPvE
Score

10^/10

darkgate seal1 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  Tax_Document/Tax_Document.exe
- Size
  
  186KB
- MD5
  
  df33c821c06835a1349cbe3b0c65f24c
- SHA1
  
  5ddbb84801115d8e495b14c3963f6b174b5801f2
- SHA256
  
  0263663c5375289fa2550d0cff3553dfc160a767e718a9c38efc0da3d7a4b626
- SHA512
  
  13a9eff075b12b6ef398e103eda806ceed737665d35955c8882defd63ef0c9e25ecfe856ebf5560cbb61a02821ddcf9993290138fa8cdb0150ebbe0b7a1e6195
- SSDEEP
  
  3072:IUiDZK+VBulx0QtCggULGWtf5Ju+uaxObQPEoSlpcm8Cy/V:wZjz2NqWtfHduaxOEPJAcmgV
Score

10^/10

darkgate seal1 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateseal1stealer

behavioral2

darkgateseal1stealer

behavioral3

darkgateseal1stealer

behavioral4

darkgateseal1stealer

© 2018-2025

Terms | Privacy