darkgate | c041806df08b65e970ee6975569967a2e9379d475bfbb8154be0ba3dd08b34d6 | Triage

Sharing

General

Target

c041806df08b65e970ee6975569967a2e9379d475bfbb8154be0ba3dd08b34d6
Size

2.4MB
Sample

240715-vw35psteqg
MD5

eb9816b459aa84e0ca7085d2bb4ab57a
SHA1

65a3f06fbf32b786870e5ed1de0d5fe940a772ca
SHA256

c041806df08b65e970ee6975569967a2e9379d475bfbb8154be0ba3dd08b34d6
SHA512

0d5a517135510832d7160119de050b5eac21b34045023508e61d00a5f697650310376e635d0ddf138a9d55349f7e060d92f579266111ee2e743a967a1e4199c4
SSDEEP

49152:NrT/9dzvysvrxTpbpKBZJfcPIES49SqDlPJ7TuixKYfZLq:NPnzvvvV9bMYIYBCi1xm

Score

10^/10

darkgate x6x6x7x77xx6x6x67 execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

x6x6x7x77xx6x6x67

C2

australiaivf.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
eXesNlDE
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
x6x6x7x77xx6x6x67

Targets

- Target
  
  9845e65543e74e6b6e731af9349d932c7b4e70ddf0a79d9e2fe18a10002e912f
- Size
  
  4.7MB
- MD5
  
  3d253352224aead7526d58a4e21932fb
- SHA1
  
  ca2e53cf2ec7fc678c347198dbf1c6d76e32380b
- SHA256
  
  9845e65543e74e6b6e731af9349d932c7b4e70ddf0a79d9e2fe18a10002e912f
- SHA512
  
  516ff664fe2446df5793498f9daa565647c339fdc4423454fdc129b1fc43b6fe0b968600d00709c8f5e2dfe80a366858f67e148f40c9d85255d02bdae238d3a3
- SSDEEP
  
  98304:fCsVbXGGHMUhn6kUC1h3TSx+Fn388qjYeQnV:asViQM
Score

10^/10

darkgate x6x6x7x77xx6x6x67 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatex6x6x7x77xx6x6x67executionstealer

behavioral2

darkgatex6x6x7x77xx6x6x67executionstealer