General
-
Target
5044-14-0x0000000004840000-0x0000000004C03000-memory.dmp
-
Size
3.8MB
-
MD5
932198c1aafc46f3e94c3dae32ebceee
-
SHA1
b297c2ebe6f9d5193b51f8c0980c9162e79a0551
-
SHA256
831666be48b7e31fae6de6f101f8e720aa231851451149395688a2e9b386882c
-
SHA512
2db26acb595ff52cb7fe41665b30daa59c3065b41e42e540829a7ab56d19f65cd97b8f94f33b272796e520155c5fa408bde9bb245414ea3d6ea6e52f241699c6
-
SSDEEP
24576:gSzWfqgnmq0Wwoc+U7px7fKotJWV/+uJb:gSOKZ7fKotbS
Malware Config
Extracted
Family
darkgate
Botnet
AA11
C2
http://94.228.169.143
Attributes
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
false
-
c2_port
2351
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
true
-
crypter_dll
false
-
crypter_rawstub
false
-
crypto_key
QftsbpyrJeATQI
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
AA11
Signatures
-
Darkgate family
Files
-
5044-14-0x0000000004840000-0x0000000004C03000-memory.dmp