General
-
Target
3512-83-0x0000000004B30000-0x0000000004CC5000-memory.dmp
-
Size
1.6MB
-
Sample
231116-thwb9sec4v
-
MD5
71590543d65476c3ef9aef3bb8614574
-
SHA1
d1f2c659f5f91c9c57fbe3e7d5e77e6f62b6e98d
-
SHA256
14545fe3783f850c89cdf4e4ac4db95aa9ed04d21e55c3d5493edd2c828478fc
-
SHA512
9c8666deb6ee35213b5287acde138069641cb3f4078ac957e3da166c05916c4a6291774d8b786aad3699e67d7d5bc2254596b106ad5e394ec78e85468425a764
-
SSDEEP
12288:XTeT5MGECkLWxlppFGbwfifHR3pwN12+7:XmLLkLWxlppO/5yN12
Malware Config
Extracted (parsed from the dumped memory region listed under Target; values reflect the embedded configuration, not observed runtime behaviour)
Family
darkgate
Botnet
A11111
C2
hxxp://faststroygo[.]com (defanged C2 indicator; do not browse to this host — the extracted config also lists port 80 with 8080 as an alternative)
Attributes (DarkGate builder options as parsed from the extracted config; a `false` flag means the option was not enabled in this build, not that the behaviour was tested and absent)
-
alternative_c2_port
8080
-
anti_analysis
false
-
anti_debug
false
-
anti_vm
false
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_rawstub
true
-
crypto_key
sYEvPOjQglaHah
-
internal_mutex
txtMut
-
minimum_disk
100
-
minimum_ram
4096
-
ping_interval
4
-
rootkit
true
-
startup_persistence
true
-
username
A11111