Overview

overview

10

Static

static

10

820f2381fe...f0.exe

windows7_x64

10

820f2381fe...f0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0

  • Size

    732KB

  • MD5

    a1c0d1485d1f2ac0d660ea28502e79ae

  • SHA1

    fcd8a01e7c022c086747a680bb8995f9279aaa8c

  • SHA256

    820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0

  • SHA512

    d44e3ecaefe8012aeaf5b3b4adf0d4aa6e2b9cf4565960def0c665d6294f7b21fa006a8d99b4e847b2a2f8eb0e9981bc4ce2f2f377541e53d84295b94108ad1f

Score
10/10
ratsazanasyncratdarkcomet

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

marbeyli.ddns.net:443

Mutex

DC_MUTEX-WF3HSVR

Attributes
  • InstallPath

    MSDCSC\svchost.exe

  • gencode

    CTg6jh11p8Xh

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

Signatures

  • Async RAT payload 1 IoCs
    rat
  • Asyncrat family
    asyncrat
  • Darkcomet family
    darkcomet

Files

  • 820f2381fe1860a8b6f9e66032ac4bb79ac6b7b9269264c547e4c63151593df0
    .exe windows x86