General

  • Target

    NEAS.091020232237msidrkgatebin_JC.exe

  • Size

    481KB

  • MD5

    2b66b3880b08db88998784d097e1731a

  • SHA1

    a0223f7c413dce4e7d33338b79caf648ef761d49

  • SHA256

    ad29abc0aaf0600168b79d9197927383eab553ac79c1d72dbc2fb0c4c8bc007c

  • SHA512

    6c5de643104293de3e42180d691b50d9ea49bb1e02ccaf646cd52c2566072baf125088fc2ab746001e8107c635971cd98cb896c95a7aa1dadb98f0041f575e2d

  • SSDEEP

    12288:73wfF2uWIOyAxbhWyElk3Xb8ruWqW3GMRIYQIpeiqnu5/9aJCE:7S2uWyAXWyElwL8rjv3qYdpei+u581

Score
10/10

Malware Config

Extracted

Family

darkgate

Botnet

A1111

C2

http://wilsoncallert.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    false

  • c2_port

    2351

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_rawstub

    false

  • crypto_key

    VRMbZArCtfpdLR

  • internal_mutex

    txtMut

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    A1111

Signatures

  • Darkgate family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • NEAS.091020232237msidrkgatebin_JC.exe
    .exe windows:4 windows x86

