Behavioral task: behavioral1
Sample: 2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf.exe
Resource: win7-en-20210920
windows7_x64
0 signatures
0 seconds
General
Target: 2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf
Size: 807KB
MD5: 1b65c2a3c7627597b54d16d3f1b80418
SHA1: 383a0d1115b33a50e7c8e9875155e9033a37c8c0
SHA256: 2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf
SHA512: b7ae5b9df4758c5638a332a8896292aa0e567f0253fd8f4bbb178feb0544085889972605b49baf1e8432ab944881aad69d64a9d64968a89dee2a7ab3b9abd381
Malware Config
Extracted
Family: darkcomet
Botnet: Sazan
C2: 0.tcp.ngrok.io:14298
Mutex: DC_MUTEX-03KLHJJ
Attributes
InstallPath: MSDCSC\msdcsc.exe
gencode: JmWdVpbgJaAR
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Signatures
- Darkcomet family
Files
- 2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf.exe windows x86