darkgate | 5b3382faf060e55b994fb6fb9adc023b75ead723e0213c64fabd22a65f59e88c | Triage

Sharing

General

Target

data.zip
Size

1.4MB
Sample

240423-weabqsad2s
MD5

f12f73f6680af8008ead5f36bf0bb603
SHA1

a2baed066b275e827604cc537dc141237c3cd4a1
SHA256

5b3382faf060e55b994fb6fb9adc023b75ead723e0213c64fabd22a65f59e88c
SHA512

e56ac0c33e5e9f25a53b1df948b429a76b76a17a9209aa1e8e4f020f8eeed1214374217964c3e4dd84183362de07059762702f79256422e0e2ec5b139012b6c5
SSDEEP

24576:ZQq5mgRbTCJJd/pMpFYc/CDPqQTF/aCxWRdajKHew/9/V8lh69w6JxLahYuq:ZQebTCJbGtaDdaCxadajkPN8lhkxs9q

Score

10^/10

darkgate kaitoshiba123 stealer

Malware Config

Extracted

Family

darkgate

Botnet

kaitoshiba123

C2

45.63.52.184

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
8094
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
EhuJByqk
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
kaitoshiba123

Targets

- Target
  
  abc.exe
- Size
  
  39KB
- MD5
  
  f1b14f71252de9ac763dbfbfbfc8c2dc
- SHA1
  
  dcc2dcb26c1649887f1d5ae557a000b5fe34bb98
- SHA256
  
  796ea1d27ed5825e300c3c9505a87b2445886623235f3e41258de90ba1604cd5
- SHA512
  
  636a32fb8a88a542783aa57fe047b6bca47b2bd23b41b3902671c4e9036c6dbb97576be27fd2395a988653e6b63714277873e077519b4a06cdc5f63d3c4224e0
- SSDEEP
  
  768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
Score

10^/10

darkgate kaitoshiba123 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatekaitoshiba123stealer

behavioral2

behavioral3