General
Target: 2720-12-0x0000000002FA0000-0x000000000329B000-memory.dmp
Size: 3.0MB
MD5: e9a0309a428d111462cd66ad1de5c9d7
SHA1: bfe8860e3b966acd02dc64743fcd42e0e01eb462
SHA256: 276ed7975c7d9d604c876ea3505886589addb49a4d55fb4ef3d8cd8d91d51afd
SHA512: 9df22c3987d049ffe8d0b4eb972e61f5b772ce8fba7fd3a2a200620bc91cc1d4b06dfeb1d4b76b0c9771583cd31c8a53e27b51175332716fd90d72bc7f6da525
SSDEEP: 6144:qfdZGBDQBegKz+lZBG2FCqLMvfioDoaPsafolCNupcNsKpRbDO1UWAya8A:CdZ+nz+lZBG+CVNfWZpcqKpRv
Malware Config
Extracted
Family: darkgate
Botnet: x88y8y
C2: 91.222.173.42
Attributes:
anti_analysis: true
anti_debug: false
anti_vm: true
c2_port: 80
check_disk: false
check_ram: false
check_xeon: false
crypter_au3: false
crypter_dll: false
crypter_raw_stub: false
internal_mutex: hFPyhiRz
minimum_disk: 100
minimum_ram: 4096
ping_interval: 6
rootkit: false
startup_persistence: true
username: x88y8y
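An extracted configuration is only useful once it is turned into checked indicators and a clear statement of which evasion gates actually fire. The following is an added Python example, not part of the sandbox report and not DarkGate's own code. It ingests the values printed on this page: it validates the hash lengths, parses the dump name (assumed convention: pid-index-start-end, so the region size can be reconciled with the stated 3.0MB), lists only the evasion checks whose flag is set, flags threshold fields left inert by a disabled gate (the assumption being that minimum_ram and minimum_disk are only consulted when check_ram and check_disk are true), and emits the C2 socket, mutex and campaign ID as hunting indicators. The field semantics are assumptions drawn from the field names, not something the report states.

```python
"""Turn a sandbox report's extracted DarkGate config into checked IOCs.

Added example; values below are copied from the report, the meaning of
the config fields (gate flags, thresholds) is an assumption.
"""
import re

# Copied from the report above (constructed input for this example).
REPORT = {
    "target": "2720-12-0x0000000002FA0000-0x000000000329B000-memory.dmp",
    "size": "3.0MB",
    "hashes": {
        "md5": "e9a0309a428d111462cd66ad1de5c9d7",
        "sha1": "bfe8860e3b966acd02dc64743fcd42e0e01eb462",
        "sha256": "276ed7975c7d9d604c876ea3505886589addb49a4d55fb4ef3d8cd8d91d51afd",
        "sha512": "9df22c3987d049ffe8d0b4eb972e61f5b772ce8fba7fd3a2a200620bc91cc1d4"
                  "b06dfeb1d4b76b0c9771583cd31c8a53e27b51175332716fd90d72bc7f6da525",
    },
    "config": {
        "family": "darkgate", "botnet": "x88y8y", "c2": "91.222.173.42",
        "anti_analysis": True, "anti_debug": False, "anti_vm": True,
        "c2_port": 80, "check_disk": False, "check_ram": False,
        "check_xeon": False, "crypter_au3": False, "crypter_dll": False,
        "crypter_raw_stub": False, "internal_mutex": "hFPyhiRz",
        "minimum_disk": 100, "minimum_ram": 4096, "ping_interval": 6,
        "rootkit": False, "startup_persistence": True, "username": "x88y8y",
    },
}

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Assumed dump naming: <pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")
# Assumption: a threshold is only enforced when its gate flag is true.
THRESHOLDS = {"check_ram": "minimum_ram", "check_disk": "minimum_disk"}
EVASION_FLAGS = ("anti_analysis", "anti_debug", "anti_vm",
                 "check_ram", "check_disk", "check_xeon")


def validate_hashes(hashes):
    """Return names of hashes that are not lowercase hex of the right length."""
    return [name for name, value in hashes.items()
            if len(value) != HASH_LENGTHS[name] or not re.fullmatch(r"[0-9a-f]+", value)]


def dump_region(target):
    """Parse the dump file name into (pid, start, end, size_in_bytes)."""
    m = DUMP_NAME.match(target)
    if not m:
        raise ValueError(f"unrecognised dump name: {target}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return int(m["pid"]), start, end, end - start


def size_consistent(target, stated):
    """True if the region span, rounded to 0.1 MiB, equals the stated size."""
    mib = dump_region(target)[3] / (1 << 20)
    return f"{mib:.1f}MB" == stated


def active_evasions(cfg):
    """Evasion checks that are switched on, with their threshold if one applies."""
    return {flag: cfg.get(THRESHOLDS.get(flag), True)
            for flag in EVASION_FLAGS if cfg.get(flag)}


def inert_thresholds(cfg):
    """Threshold fields present in the config but whose gate flag is off."""
    return sorted(field for gate, field in THRESHOLDS.items() if not cfg.get(gate))


def network_iocs(cfg):
    """Indicators worth pushing to network and host hunting."""
    return {"c2": f"{cfg['c2']}:{cfg['c2_port']}",
            "mutex": cfg["internal_mutex"],
            "campaign": cfg["botnet"],
            "ping_interval": cfg["ping_interval"]}   # units as reported


def build_summary(report):
    """Assemble everything an analyst wants to confirm before acting on the config."""
    return {
        "bad_hashes": validate_hashes(report["hashes"]),
        "region": dump_region(report["target"]),
        "size_ok": size_consistent(report["target"], report["size"]),
        "active_evasions": active_evasions(report["config"]),
        "inert_thresholds": inert_thresholds(report["config"]),
        "iocs": network_iocs(report["config"]),
    }


if __name__ == "__main__":
    for key, value in build_summary(REPORT).items():
        print(f"{key}: {value}")
```

For this sample the output shows the 0x2FB000-byte region is consistent with the stated 3.0MB, that only anti_analysis and anti_vm are live, and that minimum_ram (4096) and minimum_disk (100) are dead weight because their gates are false; a detection engineer should therefore not expect this build to refuse small VMs on memory or disk size alone.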
Signatures
Darkgate family
Detect DarkGate stealer (1 IoC)
Matches: resource sample, yara_rule family_darkgate_v6
Files
2720-12-0x0000000002FA0000-0x000000000329B000-memory.dmp