General
-
Target
2956-124-0x00000000032B0000-0x0000000003673000-memory.dmp
-
Size
3.8MB
-
MD5
07fc096343a1a1cb68bad8006b42c8e3
-
SHA1
aa29af76b0d85e1e1cf846a4490fdf944e4affab
-
SHA256
b226759cbbc0736a112d552b4d74020f207b0ffccbe766ced1d7b02c1a1ded6b
-
SHA512
6154530e89936968b8b164142f89794665cf2c6a5d5e5d3592fbee5e52d3ec7347734018ec3afeb39e846118e479c7c522fbe6ff1b29ff6c8851da677cf2ba52
-
SSDEEP
12288:ah2HNWn2m/BrYDK+BBUVyeh81Is4Kbi+9ayFWaNqnuJ/pJC:aKNW2mJYDK+BBCyI81npm+PFWaN+upD
Malware Config
Extracted
Family
darkgate
Botnet
AA11
C2
http://94.228.169.143
Attributes
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
false
-
c2_port
2351
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
true
-
crypter_dll
false
-
crypter_rawstub
false
-
crypto_key
DcUYQtmBvfDvHi
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
AA11
Signatures
-
Darkgate family
Files
-
2956-124-0x00000000032B0000-0x0000000003673000-memory.dmp