darkgate | 194e3e3ac9565493a54e0d2e250cac3938d1ff1e4642e6d45d0d5dab8b07b74f | Triage

Sharing

General

Target

194e3e3ac9565493a54e0d2e250cac3938d1ff1e4642e6d45d0d5dab8b07b74f
Size

5.6MB
Sample

240718-2fdnfasgke
MD5

8fc398380036d73c95183093cab09512
SHA1

0d36af6260d39a423ce480f021d3f4d380cb3867
SHA256

194e3e3ac9565493a54e0d2e250cac3938d1ff1e4642e6d45d0d5dab8b07b74f
SHA512

3c97690e881d9212eb84622077d16367d582235985b9385251cd5e52fed39862fbbee0fb28db4c536c43ea0e176bcc1ed7211192840f080d90638234061b0c11
SSDEEP

49152:IR/KpmZubPf2S8W2ILeWl+C1t9jWy5Snd0eigXmcBMizlTEJHLDs1Zu0z3bkHUAl:O/jtYLP1Gy5E0cNEJHU1Z5LKUABga

Score

10^/10

darkgate trafikk897612561 execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

trafikk897612561

C2

91.222.175.250

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
crrZYSEf
minimum_disk
100
minimum_ram
4095
ping_interval
6
rootkit
false
startup_persistence
true
username
trafikk897612561

Targets

- Target
  
  194e3e3ac9565493a54e0d2e250cac3938d1ff1e4642e6d45d0d5dab8b07b74f
- Size
  
  5.6MB
- MD5
  
  8fc398380036d73c95183093cab09512
- SHA1
  
  0d36af6260d39a423ce480f021d3f4d380cb3867
- SHA256
  
  194e3e3ac9565493a54e0d2e250cac3938d1ff1e4642e6d45d0d5dab8b07b74f
- SHA512
  
  3c97690e881d9212eb84622077d16367d582235985b9385251cd5e52fed39862fbbee0fb28db4c536c43ea0e176bcc1ed7211192840f080d90638234061b0c11
- SSDEEP
  
  49152:IR/KpmZubPf2S8W2ILeWl+C1t9jWy5Snd0eigXmcBMizlTEJHLDs1Zu0z3bkHUAl:O/jtYLP1Gy5E0cNEJHU1Z5LKUABga
Score

10^/10

darkgate trafikk897612561 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatetrafikk897612561executionstealer

behavioral2

darkgatetrafikk897612561executionstealer