Behavioral task
behavioral1
Sample
5a1c8ef15cccd50082c6862f1df8fccc40cfa7b94e7710caaf60751c714c6cb1.exe
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
General
Target: 5a1c8ef15cccd50082c6862f1df8fccc40cfa7b94e7710caaf60751c714c6cb1
Size: 659KB
MD5: 1d9b720db2f4e23c3502f1456f09b927
SHA1: a68034b6084112066cc02565dd519a23757c1b15
SHA256: 5a1c8ef15cccd50082c6862f1df8fccc40cfa7b94e7710caaf60751c714c6cb1
SHA512: 39cf1a7b5d12dfb19439676e9d692cc4536cd04c22872ef67370759e34dfba805e52c38ee0a58420b265aa29d8c91c563936e9be90fd578fe2418cb3c389c3d1
Malware Config
Extracted
Family: darkcomet
Botnet: Sazan
C2: 8.tcp.ngrok.io:13738
Mutex: DC_MUTEX-RYGMJ3G
Attributes
InstallPath: MSDCSC\msdcsc.exe
gencode: 1rG7r70RosbW
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Signatures
Darkcomet family
Files
5a1c8ef15cccd50082c6862f1df8fccc40cfa7b94e7710caaf60751c714c6cb1.exe windows x86