General

  • Target

    darkgate.7z

  • Size

    1.4MB

  • Sample

    241023-sed35sybjr

  • MD5

    ad060f717005011f67a64a7ddea8fad5

  • SHA1

    854a8a588e5c6d73c5a4ca3766ce83deafce0ca3

  • SHA256

    891077c9c5725718409feda0e3ac7f6515aeebfffa25ca989ba0797ac7e6e168

  • SHA512

    20339159d8a0d988b2704ea105514874b3ccb5adb3a41771830baf93a0e1413c60ee0dfe43d730e5f82cfa220ba2f8d94f914679184faf59463a4dbce08954a1

  • SSDEEP

    24576:S0p0VdtnB3ntk9mLNIgIkgyeNN0901KpI8+NzS5VzBdqFGP6MnIKjxzUvqae6xHB:SLdB3tMKNFIkaNSqQ+NWldBP6MIKxRad

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

adfhjadfbjadbfjkhad44jka.com

nextroundst.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    zpQpPwKm

  • minimum_disk

    50

  • minimum_ram

    7000

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    admin888

Extracted

Family

darkgate

Version

4.8.1

C2

http://88.99.105.55

http://178.63.53.44

Extracted

Family

darkgate

Version

4.8.9

C2

http://178.63.53.44

Extracted

Family

darkgate

Version



C2

http://192.168.100.14

http://lampixx.hopto.org

http://77.229.124.142

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    1377

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    true

  • crypto_key

    JDJkPdCYhDHOLl

  • internal_mutex

    dbaHbd

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    20

  • rootkit

    false

  • startup_persistence

    false

Extracted

Family

darkgate

Version

4.17b

Botnet

Ricoc

C2

http://5.188.87.58

Attributes
  • alternative_c2_port

    9999

  • anti_analysis

    false

  • anti_debug

    true

  • anti_vm

    false

  • c2_port

    2351

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • crypto_key

    LuxTDJpYDqOqHC

  • internal_mutex

    bKcDaE

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    Ricoc

Extracted

Family

darkgate

C2

http://wmnwserviceadsmark.com

http://clickminded.agency

http://179.60.149.3

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • crypto_key

    KJYCVtcWMZgWku

  • internal_mutex

    bedfbF

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

Extracted

Family

darkgate

Version

4.8.6

C2

http://5.188.87.58

Extracted

Family

darkgate

Version

4.5.1

C2

http://80.66.88.145

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    2351

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • crypto_key

    KsMozGbXPZovld

  • internal_mutex

    aFcade

  • minimum_disk

    50

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

Extracted

Family

darkgate

Version

4.17b

Botnet

Ricoc2

C2

http://joagfhreetdsa.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • crypto_key

    TOkfgEkqmmtXNb

  • internal_mutex

    txtMut

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    Ricoc2

Extracted

Family

darkgate

Version

6.1.7

Botnet

admin888

C2

jenb128hiuedfhajduihfa.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    zhRVKFlX

  • minimum_disk

    100

  • minimum_ram

    7000

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    admin888

Extracted

Family

darkgate

Version

5.2.4

Botnet

civilian1337

C2

http://185.130.227.202

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    false

  • anti_debug

    true

  • anti_vm

    false

  • c2_port

    2351

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    true

  • crypto_key

    VPsTDMdPronzYs

  • internal_mutex

    txtMut

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    civilian1337

Extracted

Family

darkgate

Version

Q.�,)

C2

http://45.89.65.198

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • crypto_key

    jSDOEysuJNgqgV

  • internal_mutex

    cabcaC

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    false

  • startup_persistence

    true

Extracted

Family

darkgate

Version

4.10.

Botnet

herady5

C2

http://167.114.199.65

Attributes
  • alternative_c2_port

    2351

  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    2351

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • crypto_key

    PuqpVjoUKJizHc

  • internal_mutex

    chaCaA

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    30

  • rootkit

    true

  • startup_persistence

    true

  • username

    herady5

Extracted

Family

darkgate

Version

4.8.4

C2

http://80.66.88.145

Extracted

Family

darkgate

Version

6.1.6

Botnet

admin888

C2

newdomainfortesteenestle.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    443

  • check_disk

    false

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    TFdsiUxb

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    false

  • username

    admin888

Extracted

Family

darkgate

Botnet

admin8888

C2

buassinnndm.net

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    losBHUAX

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    admin8888

Extracted

Family

darkgate

Version

5.2.2

Botnet

user_871236672

C2

http://cheneseemeg7575.cash

http://annoyingannoying.vodka

http://uiahbmajokriswhoer.net

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    2351

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    true

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    true

  • crypto_key

    ScfmVowTLpyVbK

  • internal_mutex

    txtMut

  • minimum_disk

    35

  • minimum_ram

    6000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    user_871236672

Targets

    • Target

      darkgate/0201fcee89c9b2eb6871f37d9f92c9c16857a1c09543b95abd62948237d48720

    • Size

      449KB

    • MD5

      882e5ee17e2a66502b3f4d8b2bd60bc2

    • SHA1

      16d19cc8b2189314f0641574308bd336696ce3b0

    • SHA256

      0201fcee89c9b2eb6871f37d9f92c9c16857a1c09543b95abd62948237d48720

    • SHA512

      56307bbb76ce8a14ec3a57d06fb3329d8e3e3bcf7466c2e5fbd7c11244a037c3aa94dfce3e2fd0ad73d3ab418caafb0a839b0c2fb8e141f7febbbdda7b897119

    • SSDEEP

      12288:YealahKq5VyOvAFuKLIV5HmpMf1V1eny:YvA5VyOvyuKLIzHK21e

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Target

      darkgate/046916c0ec8b2cc15901ed6b724d419de3ed6efbacd544ac7cef9947291ccc24

    • Size

      475KB

    • MD5

      f86917f690f39bc565e64e4b027971bc

    • SHA1

      c284f3481c0e2031bcbca5985415b4804d2bce75

    • SHA256

      046916c0ec8b2cc15901ed6b724d419de3ed6efbacd544ac7cef9947291ccc24

    • SHA512

      6386be7fad867dcdbf6e6234cf66727f7c8a7b3339d2bb18bc886e1a6124a65518ffb6d979c624fc80b8e6a4d6093c61d9f565191fe0357ff6f5f41a7892650d

    • SSDEEP

      12288:FV5+zd5eWHUd5/0zY7F2IKLuHFme6fw7ll1+qnu//11s5:FvaeW0D0zY7FCLuHMe6fwJlc+unc

    Score
    3/10
    • Target

      darkgate/0758bae88bcbffe93e6022920e7dac6f76c3d00a6d0948eb46eaf6b4db6324d2

    • Size

      476KB

    • MD5

      0ba33b5dbd3e450986c9627889575e26

    • SHA1

      72e01bab823dea6d24f340481c8fd860ecb94ffd

    • SHA256

      0758bae88bcbffe93e6022920e7dac6f76c3d00a6d0948eb46eaf6b4db6324d2

    • SHA512

      f0159b06a2dc99d260a2bb6c756838956a6a79528a76a8f81f7a4e1f6b11222346d450b373c5f7a71dffa36c25a4d5f40d8cd68ee49b211044c3c92e4d392970

    • SSDEEP

      12288:l0yYjNuWRUFBV0JBnSA/e8MosoxXn9+ECqnub/hlrn:lDquW+50jnSA2Toso19lC+ubhRn

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Target

      darkgate/07dc0c5ad87204c98eeab48bd9a10a7c2c3a69971b44621d06c3d4b09bc4e6bf

    • Size

      437KB

    • MD5

      149da23d732922b04f82d634750532f3

    • SHA1

      c8dfb9b07103fb44f73aa1316337f1b846fcd34f

    • SHA256

      07dc0c5ad87204c98eeab48bd9a10a7c2c3a69971b44621d06c3d4b09bc4e6bf

    • SHA512

      d86c22833053a83fcacdcd4eee86c9fc70a14eb1d588fe126378ca5ebbe7d46269b9e37a7c59f1bb5c5d70b573ae58bfc83047f6bb8be2d43398cbc67b7bfb09

    • SSDEEP

      12288:OdJPpmYoSsK+dmLB/Vb6lW0eR591NlyWqnux/WAY:Ob+SsBSB/VOlW0eH91NlyW+uhWAY

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Suspicious use of SetThreadContext

    • Target

      darkgate/083c28ace437a34a8811ae161e0d0208336f42cb3a0f416d4f6dd4e7bcde2249

    • Size

      481KB

    • MD5

      243a877acac10939695b914fbc467540

    • SHA1

      dbed959b2bf4f2e5360e44566aec008344bf2c9e

    • SHA256

      083c28ace437a34a8811ae161e0d0208336f42cb3a0f416d4f6dd4e7bcde2249

    • SHA512

      f33bd1bcda779cbfa4d6988ccd3da15ff0ca6652734c014e897229273511da1fe8385b32c50cbc3b3c83cb4d39ad77066125f7d6be649c510ac858e504f4fa95

    • SSDEEP

      12288:73wfF2uWIOyAxbhWyElk3Xb8ruWqW3GMRIYQIpe1oqnu5/9aJCE:7S2uWyAXWyElwL8rjv3qYdpeu+u581

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Target

      darkgate/0b08b4a9a8f624308f41096b687ec06e76d6703dac0bdf7d12362ca9ce3984fd

    • Size

      504KB

    • MD5

      2f93b3496982e2717fdf1d795603f1c2

    • SHA1

      ee6886af3ed51aa45eca1ff88b26273396dee498

    • SHA256

      0b08b4a9a8f624308f41096b687ec06e76d6703dac0bdf7d12362ca9ce3984fd

    • SHA512

      546268bf45d9dd51f274e8ed4a35fb1ca11a3d940d06c00bf4162403ebe2de5759be84dcd5bd0f58a6cdbce3493dd36ff3dbdaffb1fafb0067956aaf4f6a9208

    • SSDEEP

      12288:N7kXm7XA5sOWaU8rzVgI6W3fLnWmAbHZd46mtfgcaVrga7qnuP/NVk:N7kkA1W2rzKRW3fLnpKHZ+6+fgvVrgaL

    Score
    1/10
    • Target

      darkgate/0dee02b21cfc3d8055e4ea59c4df9a4d113dbe5676ce4946ec7406749eeb238f

    • Size

      504KB

    • MD5

      0f844be961b0ce43d70c64e532972b41

    • SHA1

      7158c8db999110aea98482bb83f129694fc4c2e4

    • SHA256

      0dee02b21cfc3d8055e4ea59c4df9a4d113dbe5676ce4946ec7406749eeb238f

    • SHA512

      e7b75a483e9a05a934f597d4ea8465972d7486df83e72cb62a184c2f3bb5ddae8a9df2b22e49fe898c2276c01de342f3115d7b4add09e0def86b37447f4e2f5e

    • SSDEEP

      12288:jmSKt5WG+DfnlcdOdU/vMWvoMgwsQIXEiPyz9xkPUCqnus/0:jp65WB7lcdOdU8WvoMgw3IXEiP4kPb+P

    Score
    1/10
    • Target

      darkgate/0e5f17f2697aea5447d90d79a827a72610238355bb29f0d7b27012d4e8a3c3be

    • Size

      433KB

    • MD5

      ba837c850e492f4282bf5e34f30cefa8

    • SHA1

      4ae7d8909e58f82408b22187b1085465976b3eae

    • SHA256

      0e5f17f2697aea5447d90d79a827a72610238355bb29f0d7b27012d4e8a3c3be

    • SHA512

      13b4a6044ac2d5b4a110431060abb5238778880097c6abc7e351b40ccc4e6dd2529114293fb10ef930d7d5b1ddc653f9faa0e9cc9e99c98f40d21663d416969d

    • SSDEEP

      12288:3Wy/dWy8VGJcix+d/WS8/Ruv0d5J/zW+hqxqnup/5:3p1p8V0x+d/WS8Hd/W+hqx+uJ5

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Drops startup file

    • Suspicious use of SetThreadContext

    • Target

      darkgate/1059cbb1c50f300b1a9447453e1cca6c51dbd2cc901ea073e78047e71542b4bb

    • Size

      475KB

    • MD5

      63dcce4e7e3c514a02d5ec8b174c6bda

    • SHA1

      13ded43a8c8aba49e41e66b3d6f1a6c1adb08968

    • SHA256

      1059cbb1c50f300b1a9447453e1cca6c51dbd2cc901ea073e78047e71542b4bb

    • SHA512

      4572538f737affbd72076b8bc1499303a93dab0eceae20e2280363705a86bdca5363560af15b4dd52158b32b9a62078450d2fb354b7d92c92982fd80912465f9

    • SSDEEP

      12288:h0yYjNuWRUFBV0JBnSAVeaJiawKxIc6BXmLG2kLqnub/2lro:hDquW+50jnSAAa9wKxX6BX/dL+ub2Ro

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Target

      darkgate/10959b7b9a9d905c9cffdcddfc7567cefdd66bbe44ca7b5e302b57d2fa1b82ac

    • Size

      471KB

    • MD5

      582873cb47ed07c3bf236138ae576cdc

    • SHA1

      19f4e55f027bf6366760d5843ea4c59d031e3bc9

    • SHA256

      10959b7b9a9d905c9cffdcddfc7567cefdd66bbe44ca7b5e302b57d2fa1b82ac

    • SHA512

      a1bccd480cf2a3a8927e73eaedfbca115b3b230b0abeeb5af768972506241f04e1d0be4453ad444bada3c068e032d1d1b312f328f7b4251b13bf80a53eeff6a0

    • SSDEEP

      12288:K4i0blotKmmt1seWzTxbyUhHexOFQNk+kYuq8r1VdqZn0pqnu3/SkX:Kv2onmt1xWzTxb9h+MFQa+R985VoZm+Y

    Score
    3/10
    • Target

      darkgate/10e69a62464edb0880e871362e62884136ad3026086d1e6873c9a67d52aea1e6

    • Size

      481KB

    • MD5

      a42efb653cc7b4d130bdef2d40256a81

    • SHA1

      dd40c9a37625357eebe3c82955d718912bf4a822

    • SHA256

      10e69a62464edb0880e871362e62884136ad3026086d1e6873c9a67d52aea1e6

    • SHA512

      468c182916d4f3f4ee148eeeefc67b7d7cecca272cad98c1349368f718b2c6e61cba37498dfe9f55ec2d8059d52b89d6e425936f6ded0254887ef3eb2fe6d8de

    • SSDEEP

      12288:73wfF2uWIOyAxbhWyElk3Xb8ruWqW3GMRIYQIperqnu5/uJC:7S2uWyAXWyElwL8rjv3qYdper+u5W

    Score
    3/10
    • Target

      darkgate/13361b8acb85763dbf149732f9d5be0b3d028b958bd3b22411ee976a36dba450

    • Size

      504KB

    • MD5

      bfe43d58d7ac685bd275691a8949c590

    • SHA1

      dd10fb0674b75a296969853554ffa6fae6cb11e5

    • SHA256

      13361b8acb85763dbf149732f9d5be0b3d028b958bd3b22411ee976a36dba450

    • SHA512

      4e102ae8254cf4f902a78c03e5aaed252cd9bb8279921193d0ed9e50afe9c6887bf547ea6bc03db9378d363d9c31867252db8bb5ccd45aa4800ef42c6dbc5f99

    • SSDEEP

      12288:WO/io2WSEsTjiI6W3fbmmIbHRNYqGlvwsPyVzY5qnuP/uk:WciWeTjihW3fbJyHRuqmvwsKVzY5+uX

    Score
    1/10
    • Target

      darkgate/145a0faa4e25006cc3decef0f1541ea5f0e5ab0c8c446cdb921ac7b6c6c87bde

    • Size

      504KB

    • MD5

      e789d3d7185fd172f18295e3393647bf

    • SHA1

      606e42948fc9cb69a22073d2fce3452c660979fa

    • SHA256

      145a0faa4e25006cc3decef0f1541ea5f0e5ab0c8c446cdb921ac7b6c6c87bde

    • SHA512

      24150f03369b74449994d2095109951d2611e1cf2e59f53df6072305ef05018ec26a23f59aab5f4cf4a03f5eac9b83a203ff08754006c684768e16cf066dd3cf

    • SSDEEP

      12288:jmSKt5WG+DfnlcdOdU/vMWvoMgwsQIXEiPyz9xkPUEqnus/h:jp65WB7lcdOdU8WvoMgw3IXEiP4kP1+P

    Score
    1/10
    • Target

      darkgate/14f5e6c5c7e02acf97a44e476850c5c3df08057f6b93a5aae298d98e6a4dcfe4

    • Size

      474KB

    • MD5

      b8fb11ff8d082eac7c53b88d8ee2cbcd

    • SHA1

      7b868f47df830bbaaaedf2d8afbc7e4845dd23f6

    • SHA256

      14f5e6c5c7e02acf97a44e476850c5c3df08057f6b93a5aae298d98e6a4dcfe4

    • SHA512

      34d183755ec5d648937c0bde61875ea790587e018d8b56cd3e6807f0ba0e032e6c6517b11c0a383a913c02e440ec9daf4de77452d20ee194b2b38ee44edcc77d

    • SSDEEP

      12288:+722AOFW/xShLEs447yHQjHt5Ht9RR0leqMk8fpQ2eazqnuI/QL:+aqFW5SEs447y8t5N9j0gqMDu2D+umc

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Target

      darkgate/186a474be7cd7fcac0e6b2747d0fcb90b7d7dd09ba93cf181780d823ddf6cef2

    • Size

      475KB

    • MD5

      049a48439bf8f788d7edda39d4baba72

    • SHA1

      56829a2120b6d055bb302c81341bc2921f759772

    • SHA256

      186a474be7cd7fcac0e6b2747d0fcb90b7d7dd09ba93cf181780d823ddf6cef2

    • SHA512

      4dca575a09a7db60d7855d71bf67ccbb8372a1d7b08e5474a4687b5aa6a08ba4ee53240a635d8881dc749fdb0220a29d638f5b0bd114202e7ae0c46d8811b78a

    • SSDEEP

      12288:p0yYjNuWRUFBV0JBnSAJe4z3MCabHMHqnub/7Cr:pDquW+50jnSAk4z3MLbsH+ub7U

    Score
    3/10
    • Target

      darkgate/18d87c514ff25f817eac613c5f2ad39b21b6e04b6da6dbe8291f04549da2c290

    • Size

      423KB

    • MD5

      afe012ed0d96abfe869b9e26ea375824

    • SHA1

      c562a7bd1d5e72248a1eae7b47d1dc18db8432c0

    • SHA256

      18d87c514ff25f817eac613c5f2ad39b21b6e04b6da6dbe8291f04549da2c290

    • SHA512

      f18fd2fe8d60db9f9d7a5ae0a7a6872ea08f588adbd1858a26e90345aef3149989420f86c3994bdf1c187426b3f6d58e751b400a197b23ecff25e0d506104a15

    • SSDEEP

      6144:6KaDxUgUvVcmX+IosmZepDouQBYwZE/pfGx0oagug/Jyb1F5S7NQNh/:XUxGcmXPosmZepUuQBYFTgBsF5oU

    • DarkGate

      DarkGate is an infostealer written in C++.

    • Detect DarkGate stealer

MITRE ATT&CK Enterprise v15

Tasks

static1

admin888 ricoc ricoc2 civilian1337 herady5 admin8888 user_871236672 darkgate
Score
10/10

behavioral1

darkgate admin888 stealer
Score
10/10

behavioral2

darkgate admin888 discovery stealer
Score
10/10

behavioral3

Score
1/10

behavioral4

discovery
Score
3/10

behavioral5

darkgate discovery stealer
Score
10/10

behavioral6

darkgate discovery stealer
Score
10/10

behavioral7

darkgate discovery stealer
Score
10/10

behavioral8

darkgate discovery stealer
Score
10/10

behavioral9

darkgate ricoc discovery stealer
Score
10/10

behavioral10

darkgate ricoc discovery stealer
Score
10/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

darkgate discovery stealer
Score
10/10

behavioral16

darkgate discovery stealer
Score
10/10

behavioral17

darkgate discovery stealer
Score
10/10

behavioral18

darkgate discovery stealer
Score
10/10

behavioral19

Score
1/10

behavioral20

discovery
Score
3/10

behavioral21

Score
1/10

behavioral22

discovery
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

darkgate stealer
Score
10/10

behavioral28

darkgate discovery stealer
Score
10/10

behavioral29

Score
1/10

behavioral30

discovery
Score
3/10

behavioral31

darkgate admin888 stealer
Score
10/10

behavioral32

darkgate admin888 discovery stealer
Score
10/10