darkgate | e92f111b8aa01289f72c66585219861e0117c9939de56741cbb234fee55536fe | Triage

Sharing

General

Target

e92f111b8aa01289f72c66585219861e0117c9939de56741cbb234fee55536fe.exe
Size

4.4MB
Sample

250213-ht48rsvqhy
MD5

d3de9b47f8ff4f23db2668f8ee287139
SHA1

1364d4a5afcaf3ebb147e0ff828028967800dbe3
SHA256

e92f111b8aa01289f72c66585219861e0117c9939de56741cbb234fee55536fe
SHA512

f6b4a2c922c007f91730eadf54b571107168977e79e31a902153fe553a9b2b4883aba44dbc149dbe4274cca4221cb6d53e8d75368818016e50eebbb6d920cf50
SSDEEP

49152:5R/KpmZubPf2S8W2ILeWl+C1p9jWy5S2d0eigXulQVvZxxgHHG8ekWeGMEOy24zI:H/jtYLP1Sy5F0AGGgVyLzKlf

Score

10^/10

darkgate traf777 discovery execution stealer

Malware Config

Extracted

Family

darkgate

Botnet

traf777

C2

66.42.96.199

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
BrgntNGq
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
traf777

Targets

- Target
  
  e92f111b8aa01289f72c66585219861e0117c9939de56741cbb234fee55536fe.exe
- Size
  
  4.4MB
- MD5
  
  d3de9b47f8ff4f23db2668f8ee287139
- SHA1
  
  1364d4a5afcaf3ebb147e0ff828028967800dbe3
- SHA256
  
  e92f111b8aa01289f72c66585219861e0117c9939de56741cbb234fee55536fe
- SHA512
  
  f6b4a2c922c007f91730eadf54b571107168977e79e31a902153fe553a9b2b4883aba44dbc149dbe4274cca4221cb6d53e8d75368818016e50eebbb6d920cf50
- SSDEEP
  
  49152:5R/KpmZubPf2S8W2ILeWl+C1p9jWy5S2d0eigXulQVvZxxgHHG8ekWeGMEOy24zI:H/jtYLP1Sy5F0AGGgVyLzKlf
Score

10^/10

discovery execution darkgate traf777 stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Darkgate family
  darkgate
- Detect DarkGate stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

AutoHotKey & AutoIT

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

darkgatetraf777discoveryexecutionstealer