General

  • Target

    latest.exe

  • Size

    756KB

  • MD5

    3d44f7937fb46ea4de708e90a4ca4587

  • SHA1

    db54473365d6aa656523607286c777ce37aee53b

  • SHA256

    f993cc832ebf9603779a0d03ef696305818f27d0edf14dca665eb8571b13b98e

  • SHA512

    c4d686e875ad26e5debed497630d7d1e6acecf64864928375fbd09130b9761fa54e623b9d41b2d984ee4a4f5b83debb2f194a485242fdad70ecec17dbfeae2fe

  • SSDEEP

    12288:x9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hz:rZ1xuVVjfFoynPaVBUR8f+kN10EB1

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

122.176.133.66:2181

Mutex

DC_MUTEX-10VBW8X

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    EVjYUENRn40t

  • install

    true

  • offline_keylogger

    true

  • password

    hacker667

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • latest.exe
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd

