darkgate | c4230a6d0a1c4156284b4247703f0c135687a1937bfd94d7733fb1401ec65bdc | Triage

Submit
Reports

Overview

overview

Static

static

3

c4230a6d0a...cN.exe

windows7-x64

c4230a6d0a...cN.exe

windows10-2004-x64

Sharing

General

Target

c4230a6d0a1c4156284b4247703f0c135687a1937bfd94d7733fb1401ec65bdcN.exe
Size

6.7MB
Sample

241218-193nzsvngl
MD5

654c90460217be81935b7bd2539e21d0
SHA1

2244e387c30bb852c2d709d9bf60f37c66239345
SHA256

c4230a6d0a1c4156284b4247703f0c135687a1937bfd94d7733fb1401ec65bdc
SHA512

076e09b31b1dea5e8542d9c8de80f5a8da811f102bd13e2da766d503931fd811c4a38ffcec50e1a0c641392e571c73af6ea8d41e765f5266a95475e97fbc4223
SSDEEP

98304:FRXveERYHssF12MVwjbFGzdaDMF/Qi0GyREcBhmca3wjA5Ok/OyC:FRbRYM612MVQbF8gOOCcBhmca3w0o

Score

10^/10

darkgate drk3 discovery execution persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c4230a6d0a1c4156284b4247703f0c135687a1937bfd94d7733fb1401ec65bdcN.exe

Resource

win7-20240729-en

darkgate drk3 discovery execution persistence stealer

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

c4230a6d0a1c4156284b4247703f0c135687a1937bfd94d7733fb1401ec65bdcN.exe

Resource

win10v2004-20241007-en

darkgate drk3 discovery execution persistence stealer

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

darkgate

Botnet

drk3

C2

aspava-yachting.com

Attributes

anti_analysis
false
anti_debug
false
anti_vm
false
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
kDWIiPpI
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
drk3

Targets

- Target
  
  c4230a6d0a1c4156284b4247703f0c135687a1937bfd94d7733fb1401ec65bdcN.exe
- Size
  
  6.7MB
- MD5
  
  654c90460217be81935b7bd2539e21d0
- SHA1
  
  2244e387c30bb852c2d709d9bf60f37c66239345
- SHA256
  
  c4230a6d0a1c4156284b4247703f0c135687a1937bfd94d7733fb1401ec65bdc
- SHA512
  
  076e09b31b1dea5e8542d9c8de80f5a8da811f102bd13e2da766d503931fd811c4a38ffcec50e1a0c641392e571c73af6ea8d41e765f5266a95475e97fbc4223
- SSDEEP
  
  98304:FRXveERYHssF12MVwjbFGzdaDMF/Qi0GyREcBhmca3wjA5Ok/OyC:FRbRYM612MVQbF8gOOCcBhmca3w0o
Score

10^/10

darkgate drk3 discovery execution persistence stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Darkgate family
  darkgate
- Detect DarkGate stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkgatedrk3discoveryexecutionpersistencestealer

behavioral2

darkgatedrk3discoveryexecutionpersistencestealer

© 2018-2025

Terms | Privacy