darkgate | 8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4 | Triage

Sharing

General

Target

8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4
Size

4.2MB
Sample

241026-ql544avbpb
MD5

74019cf8562c516c372e09ce02de7355
SHA1

3ce6f711cd1ad954b96cb98055a3a40dae8c9a65
SHA256

8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4
SHA512

7b41d9a1387ebdded1833a655166ffb2cd43b0eb490c5899bf72355a5e2e371b2d0be2231c5252b8fb2a569c92884e8a3391163207fdcb74e66edebcf5cfc771
SSDEEP

49152:1qCI3jRuBrxpU4hEZ/qCOyHcRdzFqivZaFChW7ZapGC8FXw+aPwEFtS5/BEc74fu:8CSsrxpU4hE1qCOeNiTGC89aZS2L

Score

10^/10

darkgate admin888 dave discovery execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

afdhf198jfadafdkfad.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
lrDcZuOq
minimum_disk
50
minimum_ram
7000
ping_interval
6
rootkit
false
startup_persistence
true
username
admin888

Targets

- Target
  
  8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4
- Size
  
  4.2MB
- MD5
  
  74019cf8562c516c372e09ce02de7355
- SHA1
  
  3ce6f711cd1ad954b96cb98055a3a40dae8c9a65
- SHA256
  
  8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4
- SHA512
  
  7b41d9a1387ebdded1833a655166ffb2cd43b0eb490c5899bf72355a5e2e371b2d0be2231c5252b8fb2a569c92884e8a3391163207fdcb74e66edebcf5cfc771
- SSDEEP
  
  49152:1qCI3jRuBrxpU4hEZ/qCOyHcRdzFqivZaFChW7ZapGC8FXw+aPwEFtS5/BEc74fu:8CSsrxpU4hE1qCOeNiTGC89aZS2L
Score

10^/10

darkgate admin888 discovery execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Darkgate family
  darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgateadmin888discoveryexecutionstealer

behavioral2

darkgateadmin888discoveryexecutionstealer