darkgate | 08ec22dd1d931a9d4194d5e46bc42914e62227c11e9fedce2175fe6a53eb4f92 | Triage

Submit
Reports

Overview

overview

Static

static

3

08ec22dd1d...92.exe

windows7-x64

08ec22dd1d...92.exe

windows10-2004-x64

Sharing

General

Target

08ec22dd1d931a9d4194d5e46bc42914e62227c11e9fedce2175fe6a53eb4f92.exe
Size

3.4MB
Sample

240819-bfs51sydrj
MD5

6446245c985087b919aa69304d1a8cac
SHA1

1b29352ea318550390e4bc072c6fe9704ceaeef6
SHA256

08ec22dd1d931a9d4194d5e46bc42914e62227c11e9fedce2175fe6a53eb4f92
SHA512

818531a09029e9da85295e0e5cd358da4443e15fcd09bbd931edfba00e14f1f93fdae29b5db1fe44ec4a9a4846a91557ba4f5476ac6c2ddbced987e22b9d5bff
SSDEEP

49152:XwREDDMfG6Qgvc/5WUbGsQ4Xw4z0g3QeT84fB84AdcdHeMxWrP+beY7UY714:XwREaQX/9cqDzJQeT8458zudMwZgN

Score

10^/10

darkgate test3 discovery execution persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

08ec22dd1d931a9d4194d5e46bc42914e62227c11e9fedce2175fe6a53eb4f92.exe

Resource

win7-20240708-en

darkgate test3 discovery execution persistence stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

08ec22dd1d931a9d4194d5e46bc42914e62227c11e9fedce2175fe6a53eb4f92.exe

Resource

win10v2004-20240802-en

darkgate test3 discovery execution persistence stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

test3

C2

127.0.0.1

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
sXhElIrM
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
test3

Targets

- Target
  
  08ec22dd1d931a9d4194d5e46bc42914e62227c11e9fedce2175fe6a53eb4f92.exe
- Size
  
  3.4MB
- MD5
  
  6446245c985087b919aa69304d1a8cac
- SHA1
  
  1b29352ea318550390e4bc072c6fe9704ceaeef6
- SHA256
  
  08ec22dd1d931a9d4194d5e46bc42914e62227c11e9fedce2175fe6a53eb4f92
- SHA512
  
  818531a09029e9da85295e0e5cd358da4443e15fcd09bbd931edfba00e14f1f93fdae29b5db1fe44ec4a9a4846a91557ba4f5476ac6c2ddbced987e22b9d5bff
- SSDEEP
  
  49152:XwREDDMfG6Qgvc/5WUbGsQ4Xw4z0g3QeT84fB84AdcdHeMxWrP+beY7UY714:XwREaQX/9cqDzJQeT8458zudMwZgN
Score

10^/10

darkgate test3 discovery execution persistence stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatetest3discoveryexecutionpersistencestealer

behavioral2

darkgatetest3discoveryexecutionpersistencestealer

© 2018-2024

Terms | Privacy