darkgate | 2982222c5a94fed295856c54fe76f34c1f475905dc548d386bd53c5a6ae83fa2 | Triage

Sharing

General

Target

2982222c5a94fed295856c54fe76f34c1f475905dc548d386bd53c5a6ae83fa2
Size

3.6MB
Sample

240603-yf3qsaha93
MD5

44ca2487d1d10874b20d67da5cbb9663
SHA1

faf314d0874919bf5a38ed70cb129d8e6ec18720
SHA256

2982222c5a94fed295856c54fe76f34c1f475905dc548d386bd53c5a6ae83fa2
SHA512

726f959799a23d042d63a07d1fc1858e4825c636a691874a69cde004dff357e8b87c2d1acce854ad4eb87e9968d969e1653f355cdab05be63657c73f2f454547
SSDEEP

49152:V9hD/eTVBtxro+/OEcJS679djc3AOP89:3hD/eTV1F/OEi7j2O

Score

10^/10

darkgate traf8y6y6u2 execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

traf8y6y6u2

C2

91.222.173.242

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
443
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
mFedwJmF
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
traf8y6y6u2

Targets

- Target
  
  2982222c5a94fed295856c54fe76f34c1f475905dc548d386bd53c5a6ae83fa2
- Size
  
  3.6MB
- MD5
  
  44ca2487d1d10874b20d67da5cbb9663
- SHA1
  
  faf314d0874919bf5a38ed70cb129d8e6ec18720
- SHA256
  
  2982222c5a94fed295856c54fe76f34c1f475905dc548d386bd53c5a6ae83fa2
- SHA512
  
  726f959799a23d042d63a07d1fc1858e4825c636a691874a69cde004dff357e8b87c2d1acce854ad4eb87e9968d969e1653f355cdab05be63657c73f2f454547
- SSDEEP
  
  49152:V9hD/eTVBtxro+/OEcJS679djc3AOP89:3hD/eTV1F/OEi7j2O
Score

10^/10

darkgate traf8y6y6u2 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatetraf8y6y6u2executionstealer

behavioral2

darkgatetraf8y6y6u2executionstealer