General

  • Target

    2025-05-18_17bf4ae8f1cedd7057f29fbab982ede7_darkgate_elex_icedid_poet-rat_zxxz

  • Size

    35.5MB

  • MD5

    17bf4ae8f1cedd7057f29fbab982ede7

  • SHA1

    5535fe3c30c3d7694c6e913b04bf85e3c35e7cc9

  • SHA256

    1278d578de119be853467a5204054166f4b1568ce1a7a4eeee53b65d6087aab0

  • SHA512

    cfbbc48602f239494896ca6d00a7e5aeb6890e2ffaea4f0b9e7952151d7b5f4a6c00a1264578c717a79ff22eb86fc0bd23b447e0896b036a04cc3428440b57fc

  • SSDEEP

    196608:gLHV5hhv5V57+btH5KUxamErRyhdGJgaMkG8K1HBRM4kqptasktkvzAgb09nde:S5htX5atH5imEoJhN1HG/wzAu

Score
10/10

Malware Config

Extracted

Family

aresloader

C2

http://173.208.238.78:8080

http://192.151.151.46

http://127.0.0.1:8888

http://127.0.0.1:8080

http://192.168.31.111

Signatures

  • Aresloader family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
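Two items in this report deserve a check rather than a copy-paste: the extracted C2 list mixes two public addresses with loopback and RFC 1918 entries (127.0.0.1 and 192.168.31.111), which read as developer or test leftovers in the config and are not usable network indicators; and the "Unsigned PE" verdict is a static check of the PE Security data directory, not a signature validation. The Python below is an added example, not part of the sandbox report or the sample's own code: it triages the C2 list, tests a PE image for an attached Authenticode blob, and computes the four hashes listed under General. The PE bytes it builds are a constructed stand-in for testing the parser, not the analysed file, and all function names are the example's own.

```python
import hashlib
import ipaddress
import struct
import sys
from urllib.parse import urlparse

# C2 list as extracted from the aresloader config above.
C2_URLS = [
    "http://173.208.238.78:8080",
    "http://192.151.151.46",
    "http://127.0.0.1:8888",
    "http://127.0.0.1:8080",
    "http://192.168.31.111",
]

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Authenticode data directory


def actionable_c2(urls):
    """Split C2 URLs into routable indicators and loopback/private leftovers."""
    routable, local = [], []
    for url in urls:
        host = urlparse(url).hostname
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            routable.append(url)  # a hostname, not an IP literal: keep it as an IOC
            continue
        (routable if ip.is_global else local).append(url)
    return routable, local


def has_authenticode_blob(data):
    """True if the PE's Security directory points at an in-file WIN_CERTIFICATE.

    This is the static check behind an 'Unsigned PE' verdict; it does not
    validate the signature or its certificate chain.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", data, nrva_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    # The Security entry holds a raw file offset, not an RVA like the other directories.
    off, size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return off != 0 and size != 0 and off + size <= len(data)


def file_hashes(data):
    """MD5/SHA1/SHA256/SHA512, the same set the report's General section lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def build_minimal_pe(with_signature):
    """Constructed PE32 skeleton (not the analysed sample) to exercise the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)  # i386, 224-byte optional header
    opt = bytearray(224)  # PE32 optional header with 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + len(opt)
    cert = b""
    if with_signature:
        cert = b"\x00" * 16  # stand-in for a WIN_CERTIFICATE (a real one wraps PKCS#7 SignedData)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(False)
    print("authenticode blob present:", has_authenticode_blob(blob))
    for name, digest in file_hashes(blob).items():
        print(name, digest)
    public, leftovers = actionable_c2(C2_URLS)
    print("routable C2:", public)
    print("non-routable (ignore):", leftovers)
```

A non-empty Security directory only says a WIN_CERTIFICATE is attached; whether the signature chains to a trusted root and matches the file's hash needs a verifier such as osslsigncode or signtool, and a tampered or self-signed blob still counts as "signed" here. Note also that the report's General hashes are for the 35.5MB submission, while the 32-hex value under Files is the dropped .exe; block on the executable's hash, not the archive's.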

Files

  • 2025-05-18_17bf4ae8f1cedd7057f29fbab982ede7_darkgate_elex_icedid_poet-rat_zxxz
    .exe (windows:4, x86, arch:x86)

    MD5: 66c12710a09349353f5d42d56deb3f18