darkcomet | easy_Malicious_0e9d55f837f4e69c3495303db67a36d44503bccc358b13e8ec8ff6ee3a87eee0[.]exe

General

Target

easy_Malicious_0e9d55f837f4e69c3495303db67a36d44503bccc358b13e8ec8ff6ee3a87eee0.exe
Size

758KB
MD5

424c7f028f2900fb651fd13d803c64f6
SHA1

27676278c844f40f2a3b0ac43f9ddf87e9432f13
SHA256

576002a37cdd165d24a7af53763399c7422110f3b3f0aec0e58626f2f2c80782
SHA512

3351720e09493dcc20e4cab83a109b6a2de59095be270854ba9e0779302cc26b056f791a6220aa6bd60441822ec86676bec96e6ca2a5a4ef729eca7023b29f39
SSDEEP

12288:eXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkwh/Vsvv/:AnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Js

Score

10^/10

guest16 darkcomet

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-13SJ7VP

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
kAwRHEikGRTk
install
true
offline_keylogger
false
persistence
false
reg_key
MicroUpdate

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
easy_Malicious_0e9d55f837f4e69c3495303db67a36d44503bccc358b13e8ec8ff6ee3a87eee0.exe

Files

easy_Malicious_0e9d55f837f4e69c3495303db67a36d44503bccc358b13e8ec8ff6ee3a87eee0.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 568KB - Virtual size: 568KB

.itext Size: 6KB - Virtual size: 6KB

.data Size: 15KB - Virtual size: 15KB

.bss Size: - Virtual size: 37KB

.idata Size: 16KB - Virtual size: 16KB

.tls Size: - Virtual size: 56B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 35KB - Virtual size: 34KB

.rsrc Size: 115KB - Virtual size: 114KB

.text
Size: 568KB - Virtual size: 568KB

.itext
Size: 6KB - Virtual size: 6KB

.data
Size: 15KB - Virtual size: 15KB

.bss
Size: - Virtual size: 37KB

.idata
Size: 16KB - Virtual size: 16KB

.tls
Size: - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 115KB - Virtual size: 114KB