darkcomet | 822fee0cd5b81edf5ba50bd43373c206730fbfb544a8d0d38c4e07bf35b92995 | Triage

Sharing

General

Target

822fee0cd5b81edf5ba50bd43373c206730fbfb544a8d0d38c4e07bf35b92995
Size

823KB
Sample

220524-twnvcahdf4
MD5

011f7e1563fa7c2b34ca940f98e5826b
SHA1

44dbdabe5a045af5e23da5dea4dcbadb7dd0b5e6
SHA256

822fee0cd5b81edf5ba50bd43373c206730fbfb544a8d0d38c4e07bf35b92995
SHA512

e5be2e36a082c6dd64bffb05a56ce7a916a71ecbe0b6330b9afaedcb0bf047ca054c2ca221b090da204484e86f310a097d2c3a30667d1ea5d10f3984a6f746d2

Score

10^/10

darkcomet sazan

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

0.tcp.ngrok.io:13702

Mutex

DC_MUTEX-NZCEYTG

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
5haShTpwd5LH
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  822fee0cd5b81edf5ba50bd43373c206730fbfb544a8d0d38c4e07bf35b92995
- Size
  
  823KB
- MD5
  
  011f7e1563fa7c2b34ca940f98e5826b
- SHA1
  
  44dbdabe5a045af5e23da5dea4dcbadb7dd0b5e6
- SHA256
  
  822fee0cd5b81edf5ba50bd43373c206730fbfb544a8d0d38c4e07bf35b92995
- SHA512
  
  e5be2e36a082c6dd64bffb05a56ce7a916a71ecbe0b6330b9afaedcb0bf047ca054c2ca221b090da204484e86f310a097d2c3a30667d1ea5d10f3984a6f746d2
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2