General
- Target: 2972-34-0x0000000003160000-0x00000000031D3000-memory.dmp
- Size: 460KB
- Sample: 240325-zsf8zscb7s
- MD5: 495e0802a8c62154e68f31419f50fcb0
- SHA1: 6d451f1648f2dd51451055ce5b625ca23c6f277f
- SHA256: 39c60d4fed7197bc22c3ed95b63e6608d4afdbc681d95db8ed2f9cafdbb45344
- SHA512: b3aa78521ce479cf4a329f33589860a285314c1f6411f1309197798ee2ba352c7ae2a88b8432541348cf1d415a59bdb17511b13f32c325ce91e2d69e9590e0c3
- SSDEEP: 6144:eACxzhjyHnIg8/UKq0O5Br4+xV0GgrGstc2hRbf9/eMJoa044SKCWrzS/VTfry9/:JEFZC7r1xV0vrGstc2hDf4LlzSRm9

Note: the target is a memory dump whose address range (0x3160000–0x31D3000) matches the 460KB size. The hashes above are listed for this dump artefact, so they should not be expected to match the original sample file on disk.
Malware Config
Extracted
Family: darkgate
Botnet: admin888
C2: goingupdate.com
Attributes
- anti_analysis: true
- anti_debug: false
- anti_vm: true
- c2_port: 80
- check_disk: false
- check_ram: false
- check_xeon: false
- crypter_au3: false
- crypter_dll: false
- crypter_raw_stub: false
- internal_mutex: BCaKNSck
- minimum_disk: 50
- minimum_ram: 4000
- ping_interval: 6
- rootkit: false
- startup_persistence: true
- username: admin888