darkgate | 6058162ad11dd8fd7e8aa68ce17487ebe496ee87d3280e022dc1df15cc7a85f9 | Triage

Submit
Reports

Overview

overview

Static

static

1

Doc-10.exe

windows7-x64

Doc-10.exe

windows11-21h2-x64

Sharing

General

Target

Quarantined Messages.zip
Size

643KB
Sample

240815-pylesa1hqh
MD5

571e2a13bdb5ac513ff78376248681e5
SHA1

ee1430b40eb87939ac1834a213bfc071edcb9699
SHA256

6058162ad11dd8fd7e8aa68ce17487ebe496ee87d3280e022dc1df15cc7a85f9
SHA512

c1ba0af75275e8401e0995b772bfb35733e35c076433e00ea15ad80e9a7c4b249c917a6a5ddad570de2d6d97a7c9116f02cdb4e879a90e35c1a6b6afdddff5a8
SSDEEP

12288:7zBqAkB1gW7UaBp+HZzfUEWuSD8cQfXpf5p45gzIEz5zlPR:7zBqAGdyHKEWuSrQpIgzIElhPR

Score

10^/10

darkgate a11111 defense_evasion discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

Doc-10.exe

Resource

win7-20240704-en

darkgate a11111 defense_evasion discovery stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Doc-10.exe

Resource

win11-20240802-en

darkgate a11111 discovery stealer

windows11-21h2-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Version

Botnet

A11111

C2

http://whoernet.co.com

Attributes

alternative_c2_port
8080
anti_analysis
true
anti_debug
true
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
true
crypto_key
LVmvrxmkPNHUNM
internal_mutex
txtMut
minimum_disk
100
minimum_ram
4096
ping_interval
4
rootkit
true
startup_persistence
true
username
A11111

Targets

- Target
  
  Doc-10.exe
- Size
  
  1.1MB
- MD5
  
  2663243d13ad9a58f973a8299c41df07
- SHA1
  
  be11963f1105cf95da88cf81a29c4870d0232251
- SHA256
  
  b79b536569c0060a834e4001289a6700692d67df58e644779fababf0df22fc75
- SHA512
  
  4a869b5355d99c9d0129369c7e325d44e43b67505c19900bf19f86a6511593d15a4c22278b45ee00a8a1839bb40b3daad560e7cd7075449362519311c81d297e
- SSDEEP
  
  24576:63NdMYF6sAH2hkCcpvBqtfCXDo3IFJ4pueAq/cUz4/4ZNQY8MOYXg:UmOXg
Score

10^/10

darkgate a11111 defense_evasion discovery stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- System Binary Proxy Execution: Verclsid
  Adversaries may abuse Verclsid to proxy execution of malicious code.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

Verclsid

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatea11111defense_evasiondiscoverystealer

behavioral2

darkgatea11111discoverystealer

© 2018-2025

Terms | Privacy