darkgate | 9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 | Triage

Submit
Reports

Overview

overview

Static

static

3

9210885dda...1).dll

windows7-x64

1

9210885dda...1).dll

windows10-2004-x64

Sharing

General

Target

9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 (1)
Size

25.9MB
Sample

240423-l17t1sfd27
MD5

e663ff1bb6be044d698d15a3bc74b822
SHA1

f67ec8ed6895296fa115e8a4443e41a0dbd733c2
SHA256

9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073
SHA512

d93fe2f67ce89fa6b8b195f14b9341186a2218ba382100a49c0d96f03a6224247ec3ce69a9928b9e4feee056a13f7b7a157d46d0fe65dd761a578a40e8ed7013
SSDEEP

196608:p5H3zHriM3lONIfjm0S6VFWxtswdO8Nw3MRfW8+IiAp7kz8roTsWbbh7nkMz9ha4:frmKSPoTsWbbh7nkMJRNc4Y/kyZpJIV

Score

10^/10

darkgate seal001 persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 (1).dll

Resource

win7-20240220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 (1).dll

Resource

win10v2004-20240412-en

darkgate seal001 persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

seal001

C2

185.196.220.194

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
zsVUqEDO
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
false
username
seal001

Targets

- Target
  
  9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073 (1)
- Size
  
  25.9MB
- MD5
  
  e663ff1bb6be044d698d15a3bc74b822
- SHA1
  
  f67ec8ed6895296fa115e8a4443e41a0dbd733c2
- SHA256
  
  9210885dda9facfc569240e788cf6e87ba68a54ebeeab8c707293375f3265073
- SHA512
  
  d93fe2f67ce89fa6b8b195f14b9341186a2218ba382100a49c0d96f03a6224247ec3ce69a9928b9e4feee056a13f7b7a157d46d0fe65dd761a578a40e8ed7013
- SSDEEP
  
  196608:p5H3zHriM3lONIfjm0S6VFWxtswdO8Nw3MRfW8+IiAp7kz8roTsWbbh7nkMz9ha4:frmKSPoTsWbbh7nkMJRNc4Y/kyZpJIV
Score

10^/10

darkgate seal001 persistence stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkgateseal001persistencestealer

© 2018-2024

Terms | Privacy