General

  • Target

    8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7

  • Size

    434KB

  • Sample

    240819-hnpk5azdmh

  • MD5

    32779bb4eda0b1834dc50d88f4930c3e

  • SHA1

    7041fb14c8593d2657d4244d6930a35a2745f96e

  • SHA256

    8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7

  • SHA512

    aeb8e88e9b016df87228be72517694f1c382fde0e1f42bb3e91f0fba22ef8abc7298aec89cb8439d1c1bb20ae2429f1d4bee5a99f9fd78f4a8d7840ca856b0c8

  • SSDEEP

    12288:ObfJmY1oCMa3Wyex7ykWynLSKJ13oqnuj/ro:O7bKCM0ax7ykWynLRJ1Y+uTro

Malware Config

Extracted

Family

darkgate

Version



C2

http://sanibroadbandcommunicton.duckdns.org

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    5864

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    true

  • crypto_key

    LAbQdWWsbybjAY

  • internal_mutex

    bbcAde

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    10

  • rootkit

    false

  • startup_persistence

    false

Targets

    • Target

      8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks