darkgate | 0145592b79cc6d211b39edcf3a8847b23941214c613ab57b66b03af20d833ce8 | Triage

Sharing

General

Target

4b362951de01e8de774ff98d1fcd04ce.bin
Size

1.9MB
Sample

240705-b4fvla1hqa
MD5

801e51f18a12b4141b0d0fe5ceba145d
SHA1

a738cac1eb9070aefb68d78086ecfa11a29be342
SHA256

0145592b79cc6d211b39edcf3a8847b23941214c613ab57b66b03af20d833ce8
SHA512

3521b45cae3025f24760613f9f0f5173520c61fc7bd89b28a246965d300c31e84a9749766d4c86b9e8c60b726dd3ff1aed8655e8edd7d99d13c8075deb63c203
SSDEEP

49152:8mkTcIsSNpm/6PYmW+vJHTCAXq1cTdyDNE2DsLnzmLq3AOlklu9zx:8zTc72pA6HpZvq2TdwNOrzmL4lkUJx

Score

10^/10

darkgate trafikk897612561 execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

trafikk897612561

C2

91.222.173.204

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
WRYOnwPR
minimum_disk
100
minimum_ram
4095
ping_interval
6
rootkit
false
startup_persistence
true
username
trafikk897612561

Targets

- Target
  
  2de4a8c16d3643a3c58c63f4e7df2836919316635c05718dac1e474b6eb7fe29.exe
- Size
  
  3.2MB
- MD5
  
  4b362951de01e8de774ff98d1fcd04ce
- SHA1
  
  5b433fe0dbd449f6a04388fade733f0d1d250252
- SHA256
  
  2de4a8c16d3643a3c58c63f4e7df2836919316635c05718dac1e474b6eb7fe29
- SHA512
  
  5f1d793e930374fbf3b5cca767605a7ee2cfd48d95eea4f273e7a70e043c19dae3669ab471ec2d0a98d9454eb6edc83ec5335918c26190e04de6770642e1628e
- SSDEEP
  
  49152:dsjxBrEi/YD4ocuJ5txUJGvSEmrxlbTT1zVIZZpEkQuPQLAkOWMuG8lAKRRmxvIy:dsjxBrEMYD4ocuEbr1yZERuYLi/imKNE
Score

10^/10

darkgate trafikk897612561 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatetrafikk897612561executionstealer

behavioral2

darkgatetrafikk897612561executionstealer