Overview

overview

10

Static

static

10

2496-34-0x...ry.exe

windows7-x64

1

2496-34-0x...ry.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2496-34-0x0000000003E60000-0x000000000418A000-memory.dmp

  • Size

    3.2MB

  • Sample

    231025-v5ajradb42

  • MD5

    dae707e52e476927b61e6bb8f3f6d81c

  • SHA1

    f5c666ee27e4ddb3f70cfd6dcad322aafc732f2c

  • SHA256

    fc191e59c41d9ecc7622ff6cb1abe7102117160fe063dd5d2660e2d982b018a4

  • SHA512

    7d1288fda1d34c450c74779af830959ce4b5989aed38d8c6b2e5bad767b822192448bfde0de84fca04e8cab8667a566b4236f4e54a072c3affc114b3c3b4c78a

  • SSDEEP

    6144:/dp5XFfWOPc0GXMVkArLNGbGFXgDlhgeOZSM4Ye9dfI:1pJFfWxXMVkArLHQDzbOn4T7

Score
10/10
darkgateads5

Malware Config

Extracted

Family

darkgate

Botnet

ADS5

C2

http://sftp.bitepieces.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    443

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    true

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    ibUsJJzrDXJckq

  • internal_mutex

    txtMut

  • minimum_disk

    40

  • minimum_ram

    7000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    ADS5

Targets

    • Target

      2496-34-0x0000000003E60000-0x000000000418A000-memory.dmp

    • Size

      3.2MB

    • MD5

      dae707e52e476927b61e6bb8f3f6d81c

    • SHA1

      f5c666ee27e4ddb3f70cfd6dcad322aafc732f2c

    • SHA256

      fc191e59c41d9ecc7622ff6cb1abe7102117160fe063dd5d2660e2d982b018a4

    • SHA512

      7d1288fda1d34c450c74779af830959ce4b5989aed38d8c6b2e5bad767b822192448bfde0de84fca04e8cab8667a566b4236f4e54a072c3affc114b3c3b4c78a

    • SSDEEP

      6144:/dp5XFfWOPc0GXMVkArLNGbGFXgDlhgeOZSM4Ye9dfI:1pJFfWxXMVkArLHQDzbOn4T7

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks