General

Target: 3028-14-0x0000000004B70000-0x0000000004EBF000-memory.dmp
Size: 3.3MB
MD5: 5a2d66e45952338530739e26ced4adee
SHA1: 08e46a7b46fe9ecb63954361d46ced4e02577a2a
SHA256: 2e0e820a2839da006343b5fa18be65ac194272d80865ce819c38dabb4dc17d8b
SHA512: 5415627d28ff57fe7162302e16c05715a37f48ea3f4d3e8f77b562e7cb2959ab8d69c0a1aee79b2d60a25a6009114eb992fa4e7583e2ceebca1f8ad8c06dc2a3
SSDEEP: 6144:6Mfq0s7YJPQJrihgPNPuTHJZQgHZnK+loa7wu2r91yk+A5eLBMN4C:9fqIlQJriCpuTHJP/mrPuA5eLxC

The target is not a file from disk but a memory region dumped during analysis: the name encodes the originating process ID (3028) and the virtual address range 0x04B70000-0x04EBF000. That range is 0x34F000 bytes (3,469,312, roughly 3.3 MiB), consistent with the Size field. Hashes of a memory dump are specific to this run's memory layout and generally will not match the on-disk dropper or dumps from other runs of the same sample, so the extracted configuration below, not these hashes, is the material to hunt on.
Malware Config

Extracted
Family: darkgate
Botnet: admin888
C2: afdhf198jfadafdkfad.com

Attributes
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: lrDcZuOq
minimum_disk: 50
minimum_ram: 7000
ping_interval: 6
rootkit: false
startup_persistence: true
username: admin888

Points worth noting for detection: the C2 port is 80, so beacons to afdhf198jfadafdkfad.com should appear as plain HTTP in proxy or NetFlow data; the botnet ID and username are both admin888; the internal_mutex value lrDcZuOq is a host-side indicator; startup_persistence is enabled; and the environment-check flags (check_disk, check_ram, check_xeon) are all false, so, assuming each minimum_* threshold is governed by its matching check_* flag, the minimum_disk (50) and minimum_ram (7000) values are carried in the config but not enforced in this build. The report does not state units for the two thresholds.
Signatures

Darkgate family
Detect DarkGate stealer (1 IoC)
  resource: sample
  yara_rule: family_darkgate_v6

Files

3028-14-0x0000000004B70000-0x0000000004EBF000-memory.dmp