General
-
Target
4636-16-0x0000000004B40000-0x0000000004F03000-memory.dmp
-
Size
3.8MB
-
MD5
336e159f1192ef5be0bb6a877dbf0bbc
-
SHA1
70c0b6c34b4211ec24b53ea90383eeade02d2170
-
SHA256
5f66094a71306d095d35355bc47ef66b26ca0fb5058ecd171f6f61bde948f8bf
-
SHA512
5b19d83f681ad3354ebe06eed8ff715f25af9612ffee70d2ce673222eb496751989c183a22cf55dbf4dfcdd8a925fc3aa0d2d15c3443075343d61c12e3835f9b
-
SSDEEP
12288:QH2Zd+gWswKAJb52TGkd9mXHicUTWOSm7eIowGMmdjqnup//JC:QWvjWsXAH2qkd9mzUTL/aINZm5+uJR
Malware Config
Extracted
Family
darkgate
Botnet
Ricoc
C2
http://5.188.87.58
Attributes
-
alternative_c2_port
9999
-
anti_analysis
false
-
anti_debug
true
-
anti_vm
false
-
c2_port
2351
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
true
-
crypter_dll
false
-
crypter_rawstub
false
-
crypto_key
DDrEhtzsHPvezn
-
internal_mutex
bKcDaE
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
Ricoc
Signatures
-
Darkgate family
Files
-
4636-16-0x0000000004B40000-0x0000000004F03000-memory.dmp