darkgate | 21f82d020b4f0d904a50f695988926c5c079ebaeb43afab23847f87bf28d60b0 | Triage

Submit
Reports

Overview

overview

Static

static

3

IVIEWERS.dll

windows7-x64

IVIEWERS.dll

windows10-2004-x64

TAX Organizer.exe

windows7-x64

TAX Organizer.exe

windows10-2004-x64

Sharing

General

Target

Tax_Organizer.zip
Size

1.3MB
Sample

240423-qvmn4sgg75
MD5

091195995898f7299279b886ca795d76
SHA1

2d1675741e7d964ace26cdb824a235390891ebee
SHA256

21f82d020b4f0d904a50f695988926c5c079ebaeb43afab23847f87bf28d60b0
SHA512

fa1c4c637f54de785b13e3a9bc036d6a435439b28009c4bb428498ab90e4425f76735c94e05cf21b8bf7de889f61d2b69333a6666c15dd9d0934ce741452534e
SSDEEP

24576:sy8GCs4wzPsY6JtgjqxuLNXKeOg1lfBqFt4x3HhQhxqXWd0C1VxQWcBOT:iGCKsY6U1L5z1/qD4x3jX4DQlC

Score

10^/10

darkgate tompang stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

IVIEWERS.dll

Resource

win7-20240221-en

darkgate tompang stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

IVIEWERS.dll

Resource

win10v2004-20240412-en

darkgate tompang stealer

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

TAX Organizer.exe

Resource

win7-20240221-en

darkgate tompang stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

TAX Organizer.exe

Resource

win10v2004-20240412-en

darkgate tompang stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

tompang

C2

78.142.18.222

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
ClUqWMEv
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
false
username
tompang

Targets

- Target
  
  IVIEWERS.dll
- Size
  
  2.5MB
- MD5
  
  2c05d969633cb477ad7d4e4f4d47f632
- SHA1
  
  653838a5a15acadb049b0bfc0fd4b80557eddcc8
- SHA256
  
  ee49fc6117342373f3f5ddff5db3e39ea69d45b1f2b1b848815e3355073d0571
- SHA512
  
  9b1c9bb9e5949362bddb63296e01a834eb7dce69e4a1fdb735b2cdda09b8f33c72f0561925601ad7df02eb9adee874e8f910e87ba449a4ca0c591b1930202602
- SSDEEP
  
  49152:h566l2u45aAHNYFrz31Cv3D29kd6kjBD+7OcP0hB:h566l2u45aAHNYFrkvz29kdJjdTcPk
Score

10^/10

darkgate tompang stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  TAX Organizer.exe
- Size
  
  186KB
- MD5
  
  df33c821c06835a1349cbe3b0c65f24c
- SHA1
  
  5ddbb84801115d8e495b14c3963f6b174b5801f2
- SHA256
  
  0263663c5375289fa2550d0cff3553dfc160a767e718a9c38efc0da3d7a4b626
- SHA512
  
  13a9eff075b12b6ef398e103eda806ceed737665d35955c8882defd63ef0c9e25ecfe856ebf5560cbb61a02821ddcf9993290138fa8cdb0150ebbe0b7a1e6195
- SSDEEP
  
  3072:IUiDZK+VBulx0QtCggULGWtf5Ju+uaxObQPEoSlpcm8Cy/V:wZjz2NqWtfHduaxOEPJAcmgV
Score

10^/10

darkgate tompang stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatetompangstealer

behavioral2

darkgatetompangstealer

behavioral3

darkgatetompangstealer

behavioral4

darkgatetompangstealer

© 2018-2025

Terms | Privacy