General

  • Target

    easyMalicious11437d674ae9.exe

  • Size

    252KB

  • MD5

    f13a40d8d558bd757e05dd5d15f8a37c

  • SHA1

    dd7794c67fbc193ff893bb1731bcffd913cc76b6

  • SHA256

    769be62d4b8b47b83ae43e57c2d5c43bc76224d9a97c67f9c14bd0d93f16a697

  • SHA512

    837e0e6305e18ab56d07e28e7194f7adca702fe028a0739f16ecdb2ef530f70d8e0ed14d93b0e22ce6d97b98bb177c652553b683cb40252274e5da3968901f6b

  • SSDEEP

    6144:ucNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL370i:ucW7KEZlPzCy373

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

All

C2

192.168.0.104.:1604

192.168.0.104.:81

Mutex

DC_MUTEX-3XRDSKA

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    LQ4BCG6oBTFR

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate
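
How a config block like the one listed above is typically recovered is worth seeing in code. The following is an added example, not part of this report and not the sandbox's own extractor. It assumes what public DarkComet extractors describe: the client keeps its settings in a resource as an RC4-encrypted blob written as a hex string, the RC4 key is a version-specific constant (the KNOWN_KEYS table below, for example "#KCMDDC51#-890" for 5.1) followed by the optional C2 password, and the plaintext is one KEY={VALUE} line per setting. The field names (MUTEX, SID, NETDATA, GENCODE, INSTALL, EDTPATH, KEYNAME, PERSINST, OFFLINEK) and their mapping onto this report's attribute names are assumptions; the sample blob is constructed here from the values the report lists, encrypted in the script itself so it runs offline.

```python
import re

# Version-specific RC4 key constants as listed by public DarkComet
# extractors (assumption: not taken from this report).
KNOWN_KEYS = {
    "2.x":  "#KCMDDC2#-890",
    "4.x":  "#KCMDDC4#-890",
    "4.2":  "#KCMDDC42#-890",
    "4.2F": "#KCMDDC42F#-890",
    "5.0":  "#KCMDDC5#-890",
    "5.1":  "#KCMDDC51#-890",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same op."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_blob(hexblob: str, key: str, password: str = "") -> str:
    """Hex-decode the resource and RC4-decrypt it with key + C2 password."""
    return rc4((key + password).encode(), bytes.fromhex(hexblob)).decode("latin-1")


CONFIG_LINE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def parse_config(text: str) -> dict:
    """Turn KEY={VALUE} lines into a dict; lines that do not match are ignored."""
    cfg = {}
    for line in text.splitlines():
        m = CONFIG_LINE.match(line.strip())
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def recover_config(hexblob: str, password: str = ""):
    """Try each known key; accept the first decryption that parses as a config."""
    for version, key in KNOWN_KEYS.items():
        cfg = parse_config(decrypt_blob(hexblob, key, password))
        if "MUTEX" in cfg and "NETDATA" in cfg:
            return version, cfg
    raise ValueError("no known key decrypts this blob")


def to_report_fields(cfg: dict) -> dict:
    """Map raw config keys onto the attribute names used in the report
    (the mapping is an assumption). NETDATA holds '|'-separated host:port entries."""
    return {
        "family": "darkcomet",
        "botnet": cfg.get("SID"),
        "c2": [h for h in cfg.get("NETDATA", "").split("|") if h],
        "mutex": cfg.get("MUTEX"),
        "install_path": cfg.get("EDTPATH"),
        "gencode": cfg.get("GENCODE"),
        "install": cfg.get("INSTALL") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
        "persistence": cfg.get("PERSINST") == "1",
        "reg_key": cfg.get("KEYNAME"),
    }


# Constructed sample: the values from this report, laid out in the assumed
# line format and encrypted with the 5.1 key so the script is self-contained.
SAMPLE_PLAINTEXT = "\r\n".join([
    "MUTEX={DC_MUTEX-3XRDSKA}",
    "SID={All}",
    "NETDATA={192.168.0.104.:1604|192.168.0.104.:81}",
    "GENCODE={LQ4BCG6oBTFR}",
    "INSTALL={1}",
    "EDTPATH={MSDCSC\\msdcsc.exe}",
    "KEYNAME={MicroUpdate}",
    "PERSINST={0}",
    "OFFLINEK={1}",
])
SAMPLE_HEX = rc4(KNOWN_KEYS["5.1"].encode(), SAMPLE_PLAINTEXT.encode("latin-1")).hex().upper()


if __name__ == "__main__":
    version, raw = recover_config(SAMPLE_HEX)
    print("key version:", version)
    for k, v in to_report_fields(raw).items():
        print(f"{k:18} {v}")
```

On a real sample the hex blob comes from the binary's resource section rather than from SAMPLE_HEX, and if the operator set a C2 password the same string must be appended to the key or every candidate fails. The trailing check for MUTEX and NETDATA is what distinguishes a correct key from the garbage a wrong one produces.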

Signatures

  • Darkcomet family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.
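
The two generic signatures above are cheap PE-header checks, and it helps to see exactly which fields they read. The script below is an added example, not the sandbox's signature code: it parses the section table to look for UPX0/UPX1 section names and reads the security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) to decide whether an Authenticode signature is present. It builds its own minimal, non-loadable PE32 images for input, so nothing here comes from the sample on this page; build_pe and the section layout it emits are constructed for illustration.

```python
import struct

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY


def build_pe(section_names, security_dir=(0, 0)) -> bytes:
    """Constructed headers-only PE32 image for testing (not a runnable binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_opt = 224  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_of_opt, 0x0102)
    opt = bytearray(size_of_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, *security_dir)
    sections = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + sections


def _pe_offsets(data: bytes):
    """Return (coff_offset, optional_header_offset) after validating MZ/PE magic."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    return e_lfanew + 4, e_lfanew + 24


def pe_section_names(data: bytes) -> list:
    coff, opt = _pe_offsets(data)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_opt
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def security_directory(data: bytes):
    """(file offset, size) of the WIN_CERTIFICATE table; (0, 0) when unsigned.
    Note this directory holds a file offset, not an RVA, unlike the others."""
    _, opt = _pe_offsets(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32
        ndirs_off, dd_off = 92, 96
    elif magic == 0x20B:        # PE32+
        ndirs_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic")
    if struct.unpack_from("<I", data, opt + ndirs_off)[0] <= SECURITY_DIR_INDEX:
        return (0, 0)
    return struct.unpack_from("<II", data, opt + dd_off + SECURITY_DIR_INDEX * 8)


def is_upx_packed(data: bytes) -> bool:
    """Section-name heuristic: stock UPX emits UPX0/UPX1 (plus .rsrc)."""
    return any(n.startswith("UPX") for n in pe_section_names(data))


def has_authenticode(data: bytes) -> bool:
    off, size = security_directory(data)
    return off != 0 and size != 0


if __name__ == "__main__":
    for label, img in [("upx-like", build_pe(["UPX0", "UPX1", ".rsrc"])),
                       ("signed", build_pe([".text", ".rdata"], (0x1000, 0x800)))]:
        print(label, pe_section_names(img), "upx:", is_upx_packed(img),
              "authenticode:", has_authenticode(img))
```

The section-name check is the weak half: a modified UPX build can rename UPX0/UPX1, which is why real packer signatures also match the decompression stub's bytes. A non-zero security directory only says a certificate table exists; validating the signature itself needs the Windows trust APIs or an Authenticode verifier.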

Files

  • easyMalicious11437d674ae9.exe
    .exe windows x86

  • out.upx
    .exe windows x86