darkgate | 835a409fdba7ac617f7eab38e042814dd39fe6dffc27006869db6fa1de3b02bc | Triage

Sharing

General

Target

835a409fdba7ac617f7eab38e042814dd39fe6dffc27006869db6fa1de3b02bc
Size

10.6MB
Sample

240710-d8bgsawfpa
MD5

31c523de5ae722db3a7b45afb7b46cb0
SHA1

24782070cba0d4d22f81639d5dfd5f096946b4f5
SHA256

835a409fdba7ac617f7eab38e042814dd39fe6dffc27006869db6fa1de3b02bc
SHA512

2d0a1bd0018512236b1f8aefa35c1189d42302bd0879eaf071a90a3d5adc038b4e541a6609bc4e1abe4ca7221aa87e381fe869956c06e2acae85dbb994384334
SSDEEP

49152:8R/KpmZubPf2S8W2ILeWl+C1p9jWy5Snd0eigXwRiNwlzyQu5INa6rA8bGHTrGbc:K/jtYLP1Sy5E0xleZINlrA8yHv+uddn

Score

10^/10

darkgate trafikk897612561 execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

trafikk897612561

C2

91.222.173.64

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
DQpJRzCe
minimum_disk
100
minimum_ram
4095
ping_interval
6
rootkit
false
startup_persistence
true
username
trafikk897612561

Targets

- Target
  
  835a409fdba7ac617f7eab38e042814dd39fe6dffc27006869db6fa1de3b02bc
- Size
  
  10.6MB
- MD5
  
  31c523de5ae722db3a7b45afb7b46cb0
- SHA1
  
  24782070cba0d4d22f81639d5dfd5f096946b4f5
- SHA256
  
  835a409fdba7ac617f7eab38e042814dd39fe6dffc27006869db6fa1de3b02bc
- SHA512
  
  2d0a1bd0018512236b1f8aefa35c1189d42302bd0879eaf071a90a3d5adc038b4e541a6609bc4e1abe4ca7221aa87e381fe869956c06e2acae85dbb994384334
- SSDEEP
  
  49152:8R/KpmZubPf2S8W2ILeWl+C1p9jWy5Snd0eigXwRiNwlzyQu5INa6rA8bGHTrGbc:K/jtYLP1Sy5E0xleZINlrA8yHv+uddn
Score

10^/10

darkgate trafikk897612561 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatetrafikk897612561executionstealer

behavioral2

darkgatetrafikk897612561executionstealer