darkgate | cfa0a176bad0046bd498a5a7f5140ca92734b096c541a54acd1b002f228ec47c | Triage

Submit
Reports

Overview

overview

Static

static

3

19062024_0...r1.exe

windows7-x64

19062024_0...r1.exe

windows10-2004-x64

Sharing

General

Target

19062024_0932_seo_cr1.exe
Size

3.8MB
Sample

240619-lhr1vaxhjb
MD5

b2d33941295f236bebee0d3c389a8549
SHA1

76bfc480242219d14cfbbb8dd7628c3c9bde7f7d
SHA256

cfa0a176bad0046bd498a5a7f5140ca92734b096c541a54acd1b002f228ec47c
SHA512

c7a8a877a93590876221c9bf0c21e04b78a8a8af415c1a70c776744702d3442aa9ffab2d480cc5d6f78a444d74ed3b6eac0407f6b571ddd02e63058d5386aae4
SSDEEP

24576:VUFFAjGxqL+VD3crlj8XR2GN19yK9fbxjSXIQ8j0b4qsfQ9Mrm94+CJWMD/NXChu:NKUo3klIXhNryuI2j0sVf9

Score

10^/10

darkgate x6x6x7x77xx6x6x67 execution stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

19062024_0932_seo_cr1.exe

Resource

win7-20240221-en

darkgate x6x6x7x77xx6x6x67 execution stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

19062024_0932_seo_cr1.exe

Resource

win10v2004-20240508-en

darkgate x6x6x7x77xx6x6x67 execution stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkgate

Botnet

x6x6x7x77xx6x6x67

C2

dr-networks.com

Attributes

anti_analysis
true
anti_debug
false
anti_vm
true
c2_port
80
check_disk
false
check_ram
false
check_xeon
false
crypter_au3
false
crypter_dll
false
crypter_raw_stub
false
internal_mutex
rbQZFzKA
minimum_disk
100
minimum_ram
4096
ping_interval
6
rootkit
false
startup_persistence
true
username
x6x6x7x77xx6x6x67

Targets

- Target
  
  19062024_0932_seo_cr1.exe
- Size
  
  3.8MB
- MD5
  
  b2d33941295f236bebee0d3c389a8549
- SHA1
  
  76bfc480242219d14cfbbb8dd7628c3c9bde7f7d
- SHA256
  
  cfa0a176bad0046bd498a5a7f5140ca92734b096c541a54acd1b002f228ec47c
- SHA512
  
  c7a8a877a93590876221c9bf0c21e04b78a8a8af415c1a70c776744702d3442aa9ffab2d480cc5d6f78a444d74ed3b6eac0407f6b571ddd02e63058d5386aae4
- SSDEEP
  
  24576:VUFFAjGxqL+VD3crlj8XR2GN19yK9fbxjSXIQ8j0b4qsfQ9Mrm94+CJWMD/NXChu:NKUo3klIXhNryuI2j0sVf9
Score

10^/10

darkgate x6x6x7x77xx6x6x67 execution stealer
- DarkGate
  DarkGate is an infostealer written in C++.
  stealer darkgate
- Detect DarkGate stealer
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: AutoIT
  Using AutoIT for possible automate script.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkgatex6x6x7x77xx6x6x67executionstealer

behavioral2

darkgatex6x6x7x77xx6x6x67executionstealer

© 2018-2024

Terms | Privacy