darkgate | a0dcdac44fa16cd484ff0575a060f28e5a07030c252162ead48d46703c6eb9ac | Triage

Sharing

General

Target

a0dcdac44fa16cd484ff0575a060f28e5a07030c252162ead48d46703c6eb9ac
Size

3.6MB
Sample

240610-svkwma1drg
MD5

485b75fa52b29dda71b63df18183e553
SHA1

14c84985e4984cb61eb101dc4faa7a7789576ba6
SHA256

a0dcdac44fa16cd484ff0575a060f28e5a07030c252162ead48d46703c6eb9ac
SHA512

96459378fdbd3d5d56854573051934eaa74123d6361d51bc942e46e7e369ff69b8813faddf70002e92c595b5713736e1634c33fda27426c0c7afe68f5b91768a
SSDEEP

49152:PHiOIp3J0tKUC+x+2xWVu0Vvrq9Vf0odWT1dw8m8FzRaN8T1/:PCpnUo2831qBW/e8za

Score

10^/10

darkgate x6x6x7x77xx6x6x67 execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

x6x6x7x77xx6x6x67

C2

dr-networks.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
swMFGADk
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
x6x6x7x77xx6x6x67

Targets

- Target
  
  a0dcdac44fa16cd484ff0575a060f28e5a07030c252162ead48d46703c6eb9ac
- Size
  
  3.6MB
- MD5
  
  485b75fa52b29dda71b63df18183e553
- SHA1
  
  14c84985e4984cb61eb101dc4faa7a7789576ba6
- SHA256
  
  a0dcdac44fa16cd484ff0575a060f28e5a07030c252162ead48d46703c6eb9ac
- SHA512
  
  96459378fdbd3d5d56854573051934eaa74123d6361d51bc942e46e7e369ff69b8813faddf70002e92c595b5713736e1634c33fda27426c0c7afe68f5b91768a
- SSDEEP
  
  49152:PHiOIp3J0tKUC+x+2xWVu0Vvrq9Vf0odWT1dw8m8FzRaN8T1/:PCpnUo2831qBW/e8za
Score

10^/10

darkgate x6x6x7x77xx6x6x67 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatex6x6x7x77xx6x6x67executionstealer

behavioral2

darkgatex6x6x7x77xx6x6x67executionstealer