darkgate | dd0654e56d20c8b8da6bc9aaed75a45274ce15f67cad91061d211c745855b473 | Triage

Sharing

General

Target

dd0654e56d20c8b8da6bc9aaed75a45274ce15f67cad91061d211c745855b473
Size

1.8MB
Sample

240620-yycbjszdjl
MD5

8307fbaa6cbe6b44fe73e6cb6aa16084
SHA1

1a9bafa5983b0173843f7abcbf58086cf0a8caaa
SHA256

dd0654e56d20c8b8da6bc9aaed75a45274ce15f67cad91061d211c745855b473
SHA512

30faf2ac0178f45776af4440a6e3e49d9a9710b3e167896274cababd55dae2249386fa18569406b7b9dd52ac3cf4ff9de3f173f04cbb0a426a1e5536516a5a67
SSDEEP

24576:A5Gq/bnqIQsqO/kApjtSKJiHsW5ccVmonGkJvVUrPAI1sb5cVWGCdi2FjKgYREie:anE4kwQsWp4UvVK1sbzgQi0l

Score

10^/10

darkgate trafikk897612561 execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

trafikk897612561

C2

gratisbonuses.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
jUFcHeCa
minimum_disk
100
minimum_ram
4095
ping_interval
6
rootkit
false
startup_persistence
true
username
trafikk897612561

Targets

- Target
  
  dd0654e56d20c8b8da6bc9aaed75a45274ce15f67cad91061d211c745855b473
- Size
  
  1.8MB
- MD5
  
  8307fbaa6cbe6b44fe73e6cb6aa16084
- SHA1
  
  1a9bafa5983b0173843f7abcbf58086cf0a8caaa
- SHA256
  
  dd0654e56d20c8b8da6bc9aaed75a45274ce15f67cad91061d211c745855b473
- SHA512
  
  30faf2ac0178f45776af4440a6e3e49d9a9710b3e167896274cababd55dae2249386fa18569406b7b9dd52ac3cf4ff9de3f173f04cbb0a426a1e5536516a5a67
- SSDEEP
  
  24576:A5Gq/bnqIQsqO/kApjtSKJiHsW5ccVmonGkJvVUrPAI1sb5cVWGCdi2FjKgYREie:anE4kwQsWp4UvVK1sbzgQi0l
Score

10^/10

darkgate trafikk897612561 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatetrafikk897612561executionstealer

behavioral2

darkgatetrafikk897612561executionstealer