General
-
Target
2472-15-0x0000000000770000-0x00000000007D7000-memory.dmp
-
Size
412KB
-
Sample
231031-3jzkrafe8z
-
MD5
16ec458758cb0f40bd758e6ebb8b384f
-
SHA1
3c28d1e765d8de4bc7ff8939c2aa333b0dbb51e2
-
SHA256
d8d513342e727b085859cb3cece7efbd71851cd5d59f80100e01c6b6b507211d
-
SHA512
da8648307b1335a4fda60f17f6994e43411cec77d498186156e2979cdb83a7273bdbd776b7f1b72b925f86293beb59eaf6441250164f6c330d81971059951aca
-
SSDEEP
6144:pfZk2/Zu30WbMAOozifhNay3p3yra20fSjtPJ5AOSd1d:bkkZuEWzOozifhNarFjtBfif
Malware Config
Extracted
darkgate
Ricoc3
http://hgfdytrywq.com
-
alternative_c2_port
8080
-
anti_analysis
false
-
anti_debug
false
-
anti_vm
false
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
uwCQCDKnhIZhrE
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
Ricoc3
Targets
-
-
Target
2472-15-0x0000000000770000-0x00000000007D7000-memory.dmp
-
Size
412KB
-
MD5
16ec458758cb0f40bd758e6ebb8b384f
-
SHA1
3c28d1e765d8de4bc7ff8939c2aa333b0dbb51e2
-
SHA256
d8d513342e727b085859cb3cece7efbd71851cd5d59f80100e01c6b6b507211d
-
SHA512
da8648307b1335a4fda60f17f6994e43411cec77d498186156e2979cdb83a7273bdbd776b7f1b72b925f86293beb59eaf6441250164f6c330d81971059951aca
-
SSDEEP
6144:pfZk2/Zu30WbMAOozifhNay3p3yra20fSjtPJ5AOSd1d:bkkZuEWzOozifhNarFjtBfif
Score10/10-
DarkGate
DarkGate is an infostealer written in C++.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-