darkgate | cbaee40ffd6727d6d5b207d524e19f95535a0d898ce9df6611069b8b8ff252c1 | Triage

Submit
Reports

Overview

overview

Static

static

1

9a8b0ebe7b...12.zip

windows7-x64

5

9a8b0ebe7b...12.zip

windows10-2004-x64

Resubmissions

20-05-2024 05:05

240520-fq6lbade9v 10

20-05-2024 04:53

240520-fh1ebsdb7w 5

Sharing

General

Target

17350828993.zip
Size

801KB
Sample

240520-fq6lbade9v
MD5

752dd43d527768baacfba9e3f9d3d614
SHA1

acdaaaee1d3de3afc1f4342c45aaf00c8d1a9aa4
SHA256

cbaee40ffd6727d6d5b207d524e19f95535a0d898ce9df6611069b8b8ff252c1
SHA512

272e0125bbe8962708f5fdd1422e978e291a7870a9f91f8bfe88a7f8e643b29f0b50a785b8d7fbdf097d1bff303a663679fecf8039fbee021817f88955a9eb39
SSDEEP

12288:xr1yPvVv8FELpU1l5Y7tN+l0eb8P07wpKCp6armIc34pyzx1K415XJzrBg:jWJ8GpFf+/b1ezp6aRBy31LrBg

Score

10^/10

darkgate admin888 execution stealer

Static task

static1

Behavioral task

behavioral1

Sample

9a8b0ebe7b18da6e638fdc9f7e1353c56a561419b12932aff6b0a42a7fe6ac12.zip

Resource

win7-20240221-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9a8b0ebe7b18da6e638fdc9f7e1353c56a561419b12932aff6b0a42a7fe6ac12.zip

Resource

win10v2004-20240426-en

darkgate admin888 execution stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

mylittlecabbage.net

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
buVuErfH
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  9a8b0ebe7b18da6e638fdc9f7e1353c56a561419b12932aff6b0a42a7fe6ac12
- Size
  
  802KB
- MD5
  
  96bb795d111717109fac22f8433c7e27
- SHA1
  
  daf03c1faa4290b7f4eeec983110a8bd7858b834
- SHA256
  
  9a8b0ebe7b18da6e638fdc9f7e1353c56a561419b12932aff6b0a42a7fe6ac12
- SHA512
  
  cccf6b4736b6e33ec1bcd020d8f1fb67cc0a9e72a841a5dc7a2f81e62e54b20324bd0b5b1edcc5073becf12cc07584e77cef8c997fe4f4702d85b06ea488d988
- SSDEEP
  
  24576:YIAjSP9123EtVDkL+zNRbMtv4J0RXTTwaK:YIF91BVIazHotC0RXTTwaK
Score

10^/10

execution darkgate admin888 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

darkgateadmin888executionstealer

© 2018-2024

Terms | Privacy