General

  • Target

    loader_cheat.exe

  • Size

    408KB

  • MD5

    e2df2edc888e3c84bf1bd728c6e42100

  • SHA1

    9568c9f3ba712bf403ac7aa7af90241d79d6ea46

  • SHA256

    1d47db6e436daec107ca6166a1e61cbec6d12121fb5fa0664191d37e79256e4c

  • SHA512

    70070da3988e3ebd40de675f384d93f5fe1e6aa2944e5843736505b708a1b55167dfcc2540965bbe0636125049c791d4d39fe3b60db1bd41e93dd3f0712ec354

  • SSDEEP

    6144:KcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37zAtyhb8yBUs9P0wkDLDv:KcW7KEZlPzCy37zAtyhb9BRCwCvv

Score
10/10

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    tadaronneeng.ddns.net:5353

  • Mutex

    DC_MUTEX-2C4PPGM

  • Attributes

    gencode: 6EN5BFnr5B4P
    install: false
    offline_keylogger: true
    persistence: false

Signatures

  • Darkcomet family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX, including modified builds of the open-source packer.

  • Unsigned PE (2 IoCs)

    Checks for a missing Authenticode signature.
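
The two header-level signatures above (UPX packing, missing Authenticode signature) can be reproduced with a few dozen lines of PE header parsing. The following is an example added to this page, not the sandbox's own signature code. It parses the COFF/optional header and section table by hand (no pefile dependency), reads data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) for the signature check, and flags UPX either by the stock UPX0/UPX1 section names or, for renamed ("modified") builds, by the layout UPX leaves behind. That layout heuristic, the entropy threshold of 7.0, and the constructed in-memory PE images it is run against are this example's own assumptions.

```python
"""Header-level checks matching the two signatures in this report: UPX-style
section layout and a missing Authenticode signature.  Hand-rolled PE parsing,
no pefile dependency.  Added example, not the sandbox's own signature code."""
from __future__ import annotations

import math
import random
import struct
from typing import NamedTuple


class Section(NamedTuple):
    name: str
    virtual_size: int
    raw_size: int
    data: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for compressed/encrypted data, low for code or text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> tuple[list[Section], tuple[int, int]]:
    """Return the section table and the Security data directory (offset, size)."""
    if blob[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]          # e_lfanew
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    n_sections = struct.unpack_from("<H", blob, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", blob, pe_off + 20)[0]
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", blob, opt_off)[0]
    dd_base = {0x10B: 96, 0x20B: 112}[magic]                   # PE32 vs PE32+
    n_dirs = struct.unpack_from("<I", blob, opt_off + dd_base - 4)[0]
    security = (0, 0)
    if n_dirs > 4:                                             # IMAGE_DIRECTORY_ENTRY_SECURITY == 4
        security = struct.unpack_from("<II", blob, opt_off + dd_base + 4 * 8)
    sections, sec_off = [], opt_off + opt_size
    for i in range(n_sections):
        hdr = blob[sec_off + 40 * i:sec_off + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append(Section(name, vsize, rsize, blob[rptr:rptr + rsize]))
    return sections, security


def looks_upx_packed(sections: list[Section]) -> bool:
    """Stock UPX names its sections UPX0/UPX1/UPX2.  A renamed build (what the
    report calls 'modified UPX') still leaves the layout behind: an empty-on-disk
    first section the stub unpacks into, then a high-entropy compressed section.
    That second heuristic is this example's assumption, not the sandbox's rule."""
    if any(s.name.startswith("UPX") for s in sections):
        return True
    if len(sections) < 2:
        return False
    first, rest = sections[0], sections[1:]
    empty_landing = first.raw_size == 0 and first.virtual_size > 0
    return empty_landing and any(s.raw_size and shannon_entropy(s.data) > 7.0 for s in rest)


def has_authenticode(security: tuple[int, int]) -> bool:
    """True if the Security directory points at a WIN_CERTIFICATE blob.  Presence
    only: whether the chain verifies is a separate (signtool/osslsigncode) check."""
    offset, size = security
    return offset != 0 and size != 0


def build_pe(sections: list[tuple[str, int, bytes]], security=(0, 0)) -> bytes:
    """Constructed minimal PE32 test image (headers + section table, not runnable).
    sections: (name, virtual_size, raw_data); raw_data may be b'' for a BSS-style section."""
    align = 0x200
    hdr_len = 0x40 + 4 + 20 + 224 + 40 * len(sections)
    raw_start = -(-hdr_len // align) * align
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                              # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8, *security)                # Security directory
    table, body, ptr, rva = b"", b"", raw_start, 0x1000
    for name, vsize, data in sections:
        padded = data + b"\0" * (-len(data) % align)
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, rva, len(padded),
                             ptr if padded else 0, 0, 0, 0, 0, 0x60000020)
        body, ptr, rva = body + padded, ptr + len(padded), rva + max(vsize, 0x1000)
    image = dos + b"PE\0\0" + coff + bytes(opt) + table
    return image + b"\0" * (raw_start - len(image)) + body


def sample_packed() -> bytes:
    """Constructed renamed-UPX layout: empty landing section, then random bytes."""
    rng = random.Random(7)
    payload = bytes(rng.getrandbits(8) for _ in range(4096))
    return build_pe([(".data0", 0x20000, b""), (".data1", 0x1200, payload)])


def sample_plain() -> bytes:
    """Constructed unpacked-looking image whose Security directory is populated."""
    return build_pe([(".text", 0x1000, b"ABCD" * 1024), (".data", 0x200, b"\0" * 512)],
                    security=(0x1000, 0x800))


def scan(blob: bytes) -> dict:
    sections, security = parse_pe(blob)
    return {"upx_packed": looks_upx_packed(sections),
            "unsigned": not has_authenticode(security),
            "sections": [(s.name, round(shannon_entropy(s.data), 2)) for s in sections]}


if __name__ == "__main__":
    for label, blob in (("packed", sample_packed()), ("plain", sample_plain())):
        print(label, scan(blob))
```

To run it against a real sample, pass `open(path, "rb").read()` to `scan()`. Two caveats a practitioner should keep in mind: the empty-first-section layout is shared by other packers, so the renamed-UPX heuristic is a packing hint rather than a UPX identification, and `has_authenticode` only reports that a certificate table exists, which is exactly what the "Unsigned PE" signature checks and nothing more; a present signature can still be revoked, self-signed, or broken.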

Files

  • loader_cheat.exe
    .exe windows:4 windows x86 arch:x86


  • out.upx
    .exe windows:4 windows x86 arch:x86