darkgate | a333d81913f8dcfc62440055dec0396b39ef3296eb3defeff393a153c6b044dc | Triage

Submit
Reports

Overview

overview

Static

static

1

hacks.txt

windows11-21h2-x64

Sharing

General

Target

hacks.txt
Size

84B
Sample

240424-xm276afe44
MD5

e751540f9566e0b6b21b8793f32c1322
SHA1

25092e2748f6e1d2fb75c9e3d0f18a867744a74f
SHA256

a333d81913f8dcfc62440055dec0396b39ef3296eb3defeff393a153c6b044dc
SHA512

e89d2cdf799a3ba8ad5ea26e542708d0b756f4e8719611e1c6380fbb7c044dd7a953fe23ae7570118b8959d42e84422cd04f1fd604fc940b8bce6a4296a651ff

Score

10^/10

darkgate seal001 adobe persistence phishing stealer

Static task

static1

Behavioral task

behavioral1

Sample

hacks.txt

Resource

win11-20240412-en

darkgate seal001 adobe persistence phishing stealer

windows11-21h2-x64

18 signatures

1200 seconds

Malware Config

Extracted

Family

darkgate

Botnet

seal001

C2

185.196.220.194

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
QPNVenzK
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
false
username
seal001

Targets

- Target
  
  hacks.txt
- Size
  
  84B
- MD5
  
  e751540f9566e0b6b21b8793f32c1322
- SHA1
  
  25092e2748f6e1d2fb75c9e3d0f18a867744a74f
- SHA256
  
  a333d81913f8dcfc62440055dec0396b39ef3296eb3defeff393a153c6b044dc
- SHA512
  
  e89d2cdf799a3ba8ad5ea26e542708d0b756f4e8719611e1c6380fbb7c044dd7a953fe23ae7570118b8959d42e84422cd04f1fd604fc940b8bce6a4296a651ff
Score

10^/10

darkgate seal001 adobe persistence phishing stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Detected adobe phishing page
  phishing adobe
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkgateseal001adobepersistencephishingstealer

© 2018-2024

Terms | Privacy