darkgate | e57cfdc8cbbcbc832fc1e1e0213900eeb6523a4009982ecefc3cb72da4d3358d | Triage

Submit
Reports

Overview

overview

Static

static

3

Tax_Document.pdf.exe

windows10-1703-x64

Sharing

General

Target

Archive 2.zip
Size

14.3MB
Sample

240424-ynezpage29
MD5

6caf2bb4bd698ac94904282daf87b623
SHA1

6d9529ea08affdbf502abb051dff0b35d708aa39
SHA256

e57cfdc8cbbcbc832fc1e1e0213900eeb6523a4009982ecefc3cb72da4d3358d
SHA512

d5b272af4a31ba4b1a36f32cc8a54cf099509848260dc3037a8024a5fcfebfbe6e630f27f17f222e2ecc60b4e516a7425040fedb3b4f7b9dd7efffbbd68e713d
SSDEEP

393216:tn9X3xbSiX0a8Mm+9MNxzOJlSvIh6O3iP9jrJ6u6PajNH:tn9XheiV8MloUh6O3oRJ4yp

Score

10^/10

darkgate seal001 persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Tax_Document.pdf.exe

Resource

win10-20240404-en

darkgate seal001 persistence stealer

windows10-1703-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

seal001

C2

185.196.220.194

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
QPNVenzK
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
false
username
seal001

Targets

- Target
  
  Tax_Document.pdf.exe
- Size
  
  8.7MB
- MD5
  
  04b527ca1b634ee5ed0cad4ab6ddd407
- SHA1
  
  5f1bcd549190d3a34e8b574fe1820583c60f9caf
- SHA256
  
  b54c8e984dbfed0bb80a5fdff2637a2e56a146f85a2712c29bef509d088ceb69
- SHA512
  
  04fb6e32258bbe4a809da69d87dcac9fe3867402e7bab6b0a3fa6c42a46754665cf81d975a97c98c50b97aa870f164a48fec4eedc6a69214e6ff7a18b850b720
- SSDEEP
  
  196608:dIgfnrpGKt1OEb0QtF+OCd6EWhKUzGZBvRadSP+fsjp8//k:dIgFGKtcEb0QtFf0WhKUzGZBvRadWy/k
Score

10^/10

darkgate seal001 persistence stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateseal001persistencestealer

© 2018-2025

Terms | Privacy