darkgate | 11a4a907b6c46af58bc666422687550fdce788ecd52f1e36c5005364bd4434e2 | Triage

Sharing

General

Target

17948925715.zip
Size

2.4MB
Sample

240702-nggvlatern
MD5

b8fd2ab4ecd967385ccf0a96849cd956
SHA1

d89e72837bf0186347aab4350fdc64a4e70804a9
SHA256

11a4a907b6c46af58bc666422687550fdce788ecd52f1e36c5005364bd4434e2
SHA512

1c17e46f290d2bad9419ff5d81f00e024bc71b5cb1b2f7f039d37669b7299294705af552757c08cd240fafcd5c8f550c3ba9ea7cfbf0189e6d4e62ff2b2e9e97
SSDEEP

49152:HvzjzhII+G0qQ1ECla3/RTf+3JK4Su3h4dB7oa5WfjUiRlmIxzcp1:Hvzjz6IMqUEca3fuRQBojjUiRlmGz0

Score

10^/10

darkgate trafikk897612561 execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

trafikk897612561

C2

91.222.173.206

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
UBZUsUjh
minimum_disk
100
minimum_ram
4095
ping_interval
6
rootkit
false
startup_persistence
true
username
trafikk897612561

Targets

- Target
  
  2ed4553c02d62e7fedbf218621f4ddfa7673b997e094bff476e19303b61e921c
- Size
  
  4.6MB
- MD5
  
  2c689148570f6bdc9d8b0e8aa396965a
- SHA1
  
  1b46badb604c232edc65d8f1184913bf4f2a672c
- SHA256
  
  2ed4553c02d62e7fedbf218621f4ddfa7673b997e094bff476e19303b61e921c
- SHA512
  
  b6d17383be33018b559abf6b4ea615b265d1dc4174dadf9c1978ed29b18e95d9ad3b0787c007c2fd7ef71baa6b6b0cf628043e4cc9ab8a46c66bca9c2f0f160a
- SSDEEP
  
  98304:3tLutqgwh4NYxtJppxhGO0sP3gAZaOR7ksh333F:UxOxtJRhY83go5L
Score

10^/10

darkgate trafikk897612561 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatetrafikk897612561executionstealer

behavioral2

darkgatetrafikk897612561executionstealer