General

  • Target

    87e1433bec2bd9d8fdc02e52d03d29005b82546996d045068ffce11088a660c3

  • Size

    252KB

  • MD5

    32307c24db9052003547acd8c7814a09

  • SHA1

    1804e608aef820e4b344e996dbad49276cc237b5

  • SHA256

    87e1433bec2bd9d8fdc02e52d03d29005b82546996d045068ffce11088a660c3

  • SHA512

    7e3db616a5e1e25eb2b94a8a537c90b657f99fa92471c38108eb0e859476a6e5adecfe3ef46da9729cc3605a79c694f74a2a923b4f6e5f9bc5d5515186bca596

  • SSDEEP

    6144:ScNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:ScW7KEZlPzCy37

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

kualomakalo.ddns.net:1604

Mutex

DC_MUTEX-3L7FTLT

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    stDkxmBCbxzB

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

Files

  • 87e1433bec2bd9d8fdc02e52d03d29005b82546996d045068ffce11088a660c3
    .exe windows x86



  • out.upx
    .exe windows x86

