General

  • Target

    1272-13-0x0000000003240000-0x00000000035C8000-memory.dmp

  • Size

    3.5MB

  • MD5

    6e60a019b9e96cce17ffbeffb16c7d8a

  • SHA1

    b0dd589d9257bdee6cc9ddfab4dff42475efa74e

  • SHA256

    802cf8b7b5a8cd4566fed30a775e5e39cd44fd0844b02187e22ef408e97a40a1

  • SHA512

    9dcdd886c783e9a12c4413799b6ed14783184c6d626e68d8ec32e953c53dc260145065a3e6e1c9c60775bfe8be1f2fa6450d96205e51d5ce2abf387cc9d77327

  • SSDEEP

    6144:tk1Ac2x7kDpDSbJ9OP1fAU8N4o3aDCvBKDoaDPr5ra9Hvr/zGQB:+Sc2GDS14tXg4EarNsvr/

Malware Config

Extracted

Family

darkgate

Botnet

x6x6x7x77xx6x6x67

C2

dr-networks.com

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    rbQZFzKA

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    x6x6x7x77xx6x6x67

Signatures

  • Darkgate family
  • Detect DarkGate stealer (1 IoCs)

Files

  • 1272-13-0x0000000003240000-0x00000000035C8000-memory.dmp