General

  • Target

    605de3fa0ce8f0ae6c74bb81f9ddf6ce6c2c720cdf0f282af109c3f9a2df1e3a

  • Size

    251KB

  • MD5

    1fb3c72634a1935f377f6085f0ea0e70

  • SHA1

    35c8df2ea7884f61e46256748d64f04ca64dc396

  • SHA256

    605de3fa0ce8f0ae6c74bb81f9ddf6ce6c2c720cdf0f282af109c3f9a2df1e3a

  • SHA512

    05ecb7014387672cf2ed1bdddd6eb2c1ec934ffe432610681dcd86435f886a4fe98998de771db2028eadec64ce168714d17f41319507c366ecd2f1c7b3de4453

  • SSDEEP

    6144:PcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37xo3:PcW7KEZlPzCy37x0

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16_min

  • C2

    cyb3r5h0ck.no-ip.biz:4000

  • Mutex

    DC_MUTEX-TF57FSW

Attributes

  • InstallPath

    System\sys.exe

  • gencode

    faadUS6brG9w

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    Systemdll

Signatures

  • Darkcomet family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

Files

  • 605de3fa0ce8f0ae6c74bb81f9ddf6ce6c2c720cdf0f282af109c3f9a2df1e3a

    .exe windows x86

  • out.upx

    .exe windows x86