General

  • Target

    853e53f0fd01e14e61498ffea94d70b0.bin

  • Size

    481KB

  • MD5

    853e53f0fd01e14e61498ffea94d70b0

  • SHA1

    834836c3ea33b8d693e3fa01d170814bf87dd532

  • SHA256

    eaa2a9653157f3e52a379616fcde0911decaf0f069d3ee3f6b31f2d6087afe58

  • SHA512

    22356637e4aa2aa4f45366d64d6ae1eea067be41a8e008cc2bd5762cbac226772108c8155a9c2d1f60af61760e9ee331dd0943100e3f83890262b7fde1a89ef2

  • SSDEEP

    12288:Tn0PRXHWqWIbxvMkwi58JXhrtdNq7heBpi5/K2QqnuQ/iA11:TymqWI6kwi58JxrY7hmi5C2Q+u+V11

Score
10/10

Malware Config

Extracted

Family

darkgate

Botnet

ioeooow8ur

C2

http://178.236.247.102

Attributes
  • alternative_c2_port

    9999

  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    27850

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    false

  • crypter_au3

    true

  • crypter_dll

    false

  • crypter_rawstub

    false

  • crypto_key

    RjRZGzBFKKciHs

  • internal_mutex

    cbdKcC

  • minimum_disk

    50

  • minimum_ram

    4096

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    ioeooow8ur
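The extracted configuration above is only useful once it is turned into things an analyst can act on: socket pairs to block or hunt for, a mutex name to look for on hosts, and the environment thresholds that decide whether the sample will run at all in a given sandbox. The script below is an added example, not output of the sandbox or code from the DarkGate sample; it copies the values from this report into a dict and derives those artefacts. Field semantics the report does not state are assumptions and are flagged as such: minimum_disk is treated as GB, minimum_ram as MB, and check_xeon as a bail-out when the CPU name contains "Xeon". The Suricata rule text and the sid range are likewise illustrative choices.

```python
"""Derive indicators and detonation requirements from the DarkGate config.

Added example; the values below are copied from the report's
"Malware Config" section. Units for minimum_disk/minimum_ram and the
meaning of check_xeon are assumptions, not facts stated by the report.
"""
import hashlib
from urllib.parse import urlparse

# Copied from the "Malware Config" / "Attributes" section of the report.
REPORT_CONFIG = {
    "family": "darkgate",
    "botnet": "ioeooow8ur",
    "c2": "http://178.236.247.102",
    "c2_port": 27850,
    "alternative_c2_port": 9999,
    "check_disk": True,
    "minimum_disk": 50,        # assumed unit: GB
    "check_ram": True,
    "minimum_ram": 4096,       # assumed unit: MB
    "check_xeon": False,       # assumed: abort if CPU name contains "Xeon"
    "internal_mutex": "cbdKcC",
    "crypto_key": "RjRZGzBFKKciHs",
    "rootkit": True,
    "startup_persistence": True,
}

# Copied from the "General" section of the report.
REPORT_HASHES = {
    "md5": "853e53f0fd01e14e61498ffea94d70b0",
    "sha1": "834836c3ea33b8d693e3fa01d170814bf87dd532",
    "sha256": "eaa2a9653157f3e52a379616fcde0911decaf0f069d3ee3f6b31f2d6087afe58",
}


def network_iocs(cfg):
    """Return host:port pairs the sample may contact.

    The config stores the C2 as a URL and the ports separately, so the
    blockable indicators are the host joined with each configured port.
    """
    host = urlparse(cfg["c2"]).hostname
    ports = [cfg["c2_port"]]
    if cfg.get("alternative_c2_port"):
        ports.append(cfg["alternative_c2_port"])
    return [f"{host}:{p}" for p in ports]


def host_iocs(cfg):
    """Host-side artefacts worth hunting for: mutex name and botnet tag."""
    return {"mutex": cfg["internal_mutex"], "botnet_id": cfg["botnet"]}


def suricata_rules(cfg, sid_base=9000001):
    """One alert rule per C2 socket pair (illustrative sid range)."""
    rules = []
    for i, ioc in enumerate(network_iocs(cfg)):
        host, port = ioc.rsplit(":", 1)
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"{cfg["family"]} C2 {cfg["botnet"]}"; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def passes_environment_gates(cfg, disk_gb, ram_mb, cpu_name=""):
    """Predict whether the sample's own environment checks let it proceed.

    A sandbox below the thresholds never reaches the C2 stage, so these
    numbers matter when trying to reproduce the detonation.
    Returns (ok, list of failed gate names).
    """
    failed = []
    if cfg["check_disk"] and disk_gb < cfg["minimum_disk"]:
        failed.append("disk")
    if cfg["check_ram"] and ram_mb < cfg["minimum_ram"]:
        failed.append("ram")
    if cfg["check_xeon"] and "xeon" in cpu_name.lower():
        failed.append("xeon")
    return (not failed, failed)


def hashes_of(data):
    """Digests in the same formats the report lists, for a local copy."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def file_hashes(path):
    with open(path, "rb") as fh:
        return hashes_of(fh.read())


def matches_report(actual, expected=REPORT_HASHES):
    """True only if every listed digest matches; a partial match is a red flag."""
    return all(actual.get(k) == v for k, v in expected.items())


if __name__ == "__main__":
    print(network_iocs(REPORT_CONFIG))
    print(host_iocs(REPORT_CONFIG))
    print("\n".join(suricata_rules(REPORT_CONFIG)))
    print(passes_environment_gates(REPORT_CONFIG, disk_gb=40, ram_mb=8192))
```

The gating function is the part most often overlooked: with check_disk and check_ram both true, a default analysis VM with a 30 GB disk or 2 GB of RAM would exit before any of the network indicators are observable, which is why the thresholds belong in the hunting notes next to the C2 addresses.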

Signatures

  • Darkgate family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 853e53f0fd01e14e61498ffea94d70b0.bin
    .exe windows:4 windows x86

