Overview

overview

10

Static

static

10

624-36-0x0...ry.dmp

windows7-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    624-36-0x00000000048C0000-0x0000000004C47000-memory.dmp

  • Size

    3.5MB

  • MD5

    17c74f1615658e6fc92babdcc87957d8

  • SHA1

    aef767b22dbd881a0462c59a2d15287e5d24462f

  • SHA256

    9be1a95a3682b07aa53a5d6f63be3e131d2ba8da68204f71c3ed87ac3fc28528

  • SHA512

    d5e184f174f5764196630cfdfc70a128497562247cc2f20750ae6173629aca98b402844972f315db50f2c6df53058fde52fb62a829ba88ced47c54da0750b68c

  • SSDEEP

    6144:gmFFYrx0PmfUH1YTCh+mlrDvWBaoakAI04Yd1FkMGDhGQBe:lFFYrkmfUVY8+mp3I0/ZkMi+

Score
10/10
admin888darkgate

Malware Config

Extracted

Family

darkgate

Botnet

admin888

C2

flexiblemaria.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    rZyBgHHD

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    admin888

Signatures

  • Darkgate family
    darkgate
  • Detect DarkGate stealer 1 IoCs

Files

  • 624-36-0x00000000048C0000-0x0000000004C47000-memory.dmp