
DarkGate (Ransomware) – Malware

June 2, 2023

Name: DarkGate
Type of Malware: Cryptocurrency mining, crypto stealing, ransomware
Date of initial activity: 2017
Associated Groups: Golroted
Motivation: Ransomware attack, credential stealing, remote-access takeovers, and cryptomining
Attack Vectors: Torrent files
Targeted System: Windows devices, mainly in Europe

Overview

DarkGate is multifunction malware, active since December 2017, that combines ransomware, credential theft, remote-access trojan (RAT), and cryptomining capabilities. Targeting mostly Windows, DarkGate employs a variety of evasion techniques.

Targets

DarkGate is mainly used to attack companies in the finance, consumer goods, and energy sectors. It is also used against the manufacturing industry.

Tools/Techniques Used

DarkGate is capable of evading detection by several AV products and of executing multiple payloads, including cryptocurrency mining, crypto stealing, ransomware, and remote takeover of the endpoint. One of its more distinctive techniques is its multi-stage unpacking method. The first file executed is an obfuscated VBScript file, which functions as a dropper and performs several actions. According to enSilo's blog post, the torrent files responsible for distributing this malware are disguised as popular entertainment titles such as The Walking Dead and Campeones; in reality, they execute infected VBScripts on the victim's computer. After infecting the machine, the malware first contacts the C&C server to initiate the mining process, and later performs several other attacks.

The critical elements of the DarkGate malware are that it:

  • Leverages C&C infrastructure cloaked behind DNS names that imitate legitimate services, including Akamai CDN and AWS, which helps it avoid reputation-based detection
  • Uses multiple methods to avoid detection by traditional AV, relying on vendor-specific checks and actions, including the process hollowing technique
  • Is able to evade the removal of its critical files by several known recovery tools
  • Uses two distinct User Account Control (UAC) bypass techniques to escalate privileges
  • Is capable of detonating multiple payloads with capabilities that include cryptocurrency mining, crypto stealing (theft of credentials associated with crypto wallets), ransomware, and remote control
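The C&C naming trick above (CDN- or cloud-looking hostnames registered under an unrelated domain, as in the IoC domains listed on this page) can be checked for in DNS query logs. The following Python is an added example, not code from the original post or from enSilo; the brand allow-list, the log line format and the sample lines are constructed assumptions.

```python
import re

# Brand tokens the lookalike names borrow, mapped to the registrable domains the
# real services use. Assumption: a small allow-list chosen for illustration.
LEGIT = {
    "akamai": {"akamai.com", "akamai.net", "akamaiedge.net", "akamaihd.net",
               "akamaitechnologies.com"},
    "amazon": {"amazon.com", "amazonaws.com"},
    "battlenet": {"battle.net"},
}
# Registrable-domain heuristic: last two labels, or last three under a common
# public second-level suffix (co.uk). A real deployment should use the PSL.
PUBLIC_SECOND_LEVEL = {"co", "com", "net", "org", "ac", "gov"}
# Constructed log format: "<timestamp> <client> <qtype> <qname>"
LOG_RE = re.compile(r"^\S+ \S+ [A-Z]+ (?P<qname>\S+)$")

def registrable_domain(host: str) -> str:
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in PUBLIC_SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def lookalike_brand(host: str):
    """Brand whose token `host` borrows while sitting under a registrable domain
    that brand does not own; None when the name is legitimate or unrelated."""
    flat = host.lower().replace(".", "").replace("-", "")  # battle.net, battle-net
    reg = registrable_domain(host)
    for brand, owned in LEGIT.items():
        if brand in flat and reg not in owned:
            return brand
    return None

def find_lookalikes(log_lines) -> list:
    """Return (qname, imitated brand, registrable domain) for each suspect query."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m and (brand := lookalike_brand(m["qname"])):
            hits.append((m["qname"], brand, registrable_domain(m["qname"])))
    return hits

SAMPLE_LOG = [  # constructed DNS query log; the last four are the profile's IoCs
    "2023-06-02T10:14:03Z 10.0.0.5 A e1234.a.akamaiedge.net",
    "2023-06-02T10:14:05Z 10.0.0.5 A ec2-3-4-5-6.compute-1.amazonaws.com",
    "2023-06-02T10:14:09Z 10.0.0.7 A us.battle.net",
    "2023-06-02T10:14:11Z 10.0.0.9 A akamai.la",
    "2023-06-02T10:14:12Z 10.0.0.9 A ec2-14-122-45-127.compute-1.amazonaws.cdnprivate.tel",
    "2023-06-02T10:14:13Z 10.0.0.9 A a40-77-229-13.deploy.static.akamaitechnologies.pw",
    "2023-06-02T10:14:14Z 10.0.0.9 A battlenet.la",
]
```

The three genuine Akamai, AWS and Battle.net names pass, while the four lookalikes are reported with the unrelated domain they actually sit under; names that transpose or drop the brand token (such as awsamazon.cc) need an extra token or a separate check.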

Indicators of Compromise (IoCs)

DOMAINS
akamai.la
hardwarenet.cc
ec2-14-122-45-127.compute-1.amazonaws.cdnprivate.tel
awsamazon.cc
battlenet.la
a40-77-229-13.deploy.static.akamaitechnologies.pw
 
SAMPLE HASHES

References

  1. enSilo, "Enter The DarkGate – New Cryptocurrency Mining and Ransomware Campaign"
