General

  • Target

    2025-05-10_b47edbaaafa0e9436b6fe70620b3483b_darkgate_elex_icedid_poet-rat_zxxz

  • Size

    35.5MB

  • MD5

    b47edbaaafa0e9436b6fe70620b3483b

  • SHA1

    ba6a106b6667cfb15a2c3a7761189b7699b5b2a8

  • SHA256

    49b62df7c253628dfd90aba39cdd061c48d0b15eea86eefa4e9f7ca08a6b2afd

  • SHA512

    90d802377cd4e443dfdcd4689dff77832927a8593420c6fa22a0590f24660ea498e7c8dc4796b3d89fce555d13609a5a3ab53accd6f79c6169198fff36c02522

  • SSDEEP

    196608:DsgiEuV5hhv5V57+btH5KUxamErRyhdGJgaMkG8K1HBRM4kqptasktkvzAgb09n:Hk5htX5atH5imEoJhN1HG/wzAu

Score
10/10

Malware Config

Extracted

Family

aresloader

C2

http://110.42.59.123:8089

http://127.0.0.1:8888

http://127.0.0.1:8080

http://192.168.31.111

Signatures

  • Aresloader family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2025-05-10_b47edbaaafa0e9436b6fe70620b3483b_darkgate_elex_icedid_poet-rat_zxxz
    .exe windows:4 windows x86 arch:x86

    bccdd76236c96ea904c31e40a4da79e5
