General
-
Target
2576-53-0x0000000002310000-0x0000000002385000-memory.dmp
-
Size
468KB
-
MD5
cf911367f84876a9c8ec205478ceaf6e
-
SHA1
05ffe3d437f2ba15006396faf0e0b823191278a9
-
SHA256
f723bd47f73ba1c5a5178d82567b03f17b961c54aeb5e0ac49fa7a19b1221d02
-
SHA512
5d5f2e4ba65c951fd3f3ca4b9999b814e8f93f0d675e5bea1be1aadcee9ba11cdfa88b6b8bb13b76a6132f3ed2c059a3eb156fadc1c87fb5a05331bc37d6c35c
-
SSDEEP
6144:0g9n95GNwPq4LD6MWTDCT7hN79zZLq/SVPR3PPVp1oatE7edf/hQkO33SmIO:L9njK26MWTDC/79zZe/SVPRE7kRQksc
Malware Config
Extracted
Family
darkgate
Botnet
admin888
C2
backupssupport.com
Attributes
-
anti_analysis
true
-
anti_debug
false
-
anti_vm
true
-
c2_port
80
-
check_disk
false
-
check_ram
false
-
check_xeon
false
-
crypter_au3
false
-
crypter_dll
false
-
crypter_raw_stub
false
-
internal_mutex
rNDPYLnH
-
minimum_disk
50
-
minimum_ram
4000
-
ping_interval
6
-
rootkit
false
-
startup_persistence
true
-
username
admin888
Signatures
-
DarkGate family
-
Detect DarkGate stealer (1 IoC matched)
resource: sample — yara_rule: family_darkgate_v6
Files
-
2576-53-0x0000000002310000-0x0000000002385000-memory.dmp