General

  • Target: 1056-126-0x0000000002E50000-0x000000000317A000-memory.dmp
  • Size: 3.2MB
  • Sample: 231109-zdx8yseh55
  • MD5: 892894991656ae576e2a4322bfd5651d
  • SHA1: 8bb0297c8aa5517eb598d2702658ab1910d28e02
  • SHA256: 67a8acb67576bef20bf95f73b16b09e38645c7cf193ded7b0cf8d5c723d9880f
  • SHA512: 5e43424af8a4a83caf7c53ee86a84c52937185005edaf99cfb08926af3e137ab75edd06b47c2f09e17f032588aae526adcbad15e14ee93196cdfe751a1c32838
  • SSDEEP: 6144:B9v6arXTWm+4itdyp2W9tlULZCtDqFnRGXE+5NfX4gZw:7v6arDWP5dyp2W9tnMnRf+Pfo

Score: 10/10

Malware Config

Extracted

  • Family: darkgate
  • Botnet: ADS5
  • C2: http://sftp.bitepieces.com

Attributes

  • alternative_c2_port: 8080
  • anti_analysis: true
  • anti_debug: true
  • anti_vm: true
  • c2_port: 443
  • check_disk: true
  • check_ram: true
  • check_xeon: true
  • crypter_au3: false
  • crypter_dll: false
  • crypter_rawstub: true
  • crypto_key: KnqeTJUYsrnUBP
  • internal_mutex: txtMut
  • minimum_disk: 40
  • minimum_ram: 7000
  • ping_interval: 4
  • rootkit: true
  • startup_persistence: true
  • username: ADS5

Targets

    Score: 1/10
