General
-
Target
4732-16-0x0000000004350000-0x0000000004713000-memory.dmp
-
Size
3.8MB
-
MD5
a9fc8a6bb762ac2e43a35963a351faf4
-
SHA1
35ec3358aae8f7c8e19ed105906bb9879c3dd965
-
SHA256
81876a1e4ccdfa0bae81cd04cee6e71dac1ebf18d1274f9586c27be068fdab52
-
SHA512
8e07a97b72ff9fad2012e9303d688315cdcdd85324f4ef17f53f6e229bf50ca65fd4dea1046f50322fc64dcf8d30b785a835a3966ec804902f3faa49eea98ec2
-
SSDEEP
24576:UcckxOWkPFEq1rCrZ/BQ6IPu0iH4dCk+uV3:9x6JEIPHiHTy
Malware Config
Extracted
Family
darkgate
Botnet
AA11
C2
http://94.228.169.143
Attributes
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
false
-
c2_port
2351
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
true
-
crypter_dll
false
-
crypter_rawstub
false
-
crypto_key
IDmfxvToPtabWZ
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
AA11
Signatures
-
Darkgate family
Files
-
4732-16-0x0000000004350000-0x0000000004713000-memory.dmp