darkgate | 9c0e3ceb7cccfb3c91e7b7f0e34ed8870fb9818d916f39c18c8501a4752e6401 | Triage

Submit
Reports

Overview

overview

Static

static

1

26-June-70204bf8.vbs

windows7-x64

26-June-70204bf8.vbs

windows10-2004-x64

Sharing

General

Target

26-June-70204bf8.vbs
Size

2.7MB
Sample

240626-yry7qs1bnh
MD5

5a2e37b9f2732bbf0ca46e771e930a56
SHA1

e6b4a5373c88f1d98d232380d29cedb6fc3124e9
SHA256

9c0e3ceb7cccfb3c91e7b7f0e34ed8870fb9818d916f39c18c8501a4752e6401
SHA512

19fb487a91bf8c55fbf54b187af3bdae5c4c5d812265601231118d17570574bd07a02e1f36592def5a52b37231f2a993b2b5041b6738ab836da0de520c32269f
SSDEEP

49152:nwww8w0jjjGQx2g21XYYajjjKowa4hFpnwpwjRwSwDuBjjjRwfwBiNm:k

Score

10^/10

darkgate trafikk897612561 execution stealer

Static task

static1

Behavioral task

behavioral1

Sample

26-June-70204bf8.vbs

Resource

win7-20240508-en

darkgate trafikk897612561 execution stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

26-June-70204bf8.vbs

Resource

win10v2004-20240508-en

darkgate trafikk897612561 execution stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

trafikk897612561

C2

91.222.173.170

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
GDrdcpJy
minimum_disk
100
minimum_ram
4095
ping_interval
6
rootkit
false
startup_persistence
true
username
trafikk897612561

Targets

- Target
  
  26-June-70204bf8.vbs
- Size
  
  2.7MB
- MD5
  
  5a2e37b9f2732bbf0ca46e771e930a56
- SHA1
  
  e6b4a5373c88f1d98d232380d29cedb6fc3124e9
- SHA256
  
  9c0e3ceb7cccfb3c91e7b7f0e34ed8870fb9818d916f39c18c8501a4752e6401
- SHA512
  
  19fb487a91bf8c55fbf54b187af3bdae5c4c5d812265601231118d17570574bd07a02e1f36592def5a52b37231f2a993b2b5041b6738ab836da0de520c32269f
- SSDEEP
  
  49152:nwww8w0jjjGQx2g21XYYajjjKowa4hFpnwpwjRwSwDuBjjjRwfwBiNm:k
Score

10^/10

darkgate trafikk897612561 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Executes dropped EXE
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatetrafikk897612561executionstealer

behavioral2

darkgatetrafikk897612561executionstealer

© 2018-2024

Terms | Privacy