Overview

overview

10

Static

static

10

04C164391E...15.exe

windows7_x64

10

04C164391E...15.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04C164391EFCEDD93B5C04DC137E8B80336265246FA15.exe

  • Size

    770KB

  • MD5

    2f087c02e5a65fc3a150ba96ddde8a0f

  • SHA1

    d8b02d1cd0d582b93866ea2e2da10cb148828566

  • SHA256

    04c164391efcedd93b5c04dc137e8b80336265246fa15318a67d4b2d20bf257f

  • SHA512

    86b078abb4270864802f0056c5657c82c2f375472d821fd888aa0252c10e270cba8beb5bc5063236d7c1192ccf573d7df7dec83ddf753638e96aa6d06f5c0edd

Score
10/10
ratsazanasyncratdarkcomet

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

marbeyli.duckdns.org:1604

Mutex

DC_MUTEX-D2KTVT9

Attributes
  • InstallPath

    MSDCSC\svchost.exe

  • gencode

    iGJFx2jaJsy3

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

Signatures

  • Async RAT payload 1 IoCs
    rat
  • Asyncrat family
    asyncrat
  • Darkcomet family
    darkcomet

Files

  • 04C164391EFCEDD93B5C04DC137E8B80336265246FA15.exe
    .exe windows x86