General
-
Target
26102023_2326_drkgate_data2.bin
-
Size
405KB
-
MD5
2c48c5f619dd7ad5b6d4c36f56489a66
-
SHA1
661371c42e8aec0364a46210706cab150e42ede4
-
SHA256
14ed8ae1a9d44a500f57fa0273162907c05e31d8da92c474944bbd74f55d19b1
-
SHA512
62f28bb6ce33ef5598587819f5ec56ccccf138eef7b3e2d165ac9a0aa3c11da1b5e3f457ebdb05690e3d052961630876552f61e2bbfdb89533d0ba7b3327ae00
-
SSDEEP
6144:V5UTExW+vRaLjH5XVEqVomFDXfRhnJWoS1gAlCWZ44w:jUTExWnLjH5XVEqVvvnJWoSiAlTZ4
Score
10/10
Malware Config
Extracted
Family
darkgate
Botnet
user_871236672
C2
http://hadfadf87yuadfad.com
Attributes
-
alternative_c2_port
8080
-
anti_analysis
true
-
anti_debug
true
-
anti_vm
true
-
c2_port
2351
-
check_disk
true
-
check_ram
true
-
check_xeon
true
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
CbTWFsAhFuOWYT
-
internal_mutex
txtMut
-
minimum_disk
40
-
minimum_ram
7000
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
user_871236672
Signatures
-
Darkgate family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
26102023_2326_drkgate_data2.bin
Password: infected
Headers
Sections