General

  • Target

    d4256a7d69733c47e3d4e0a3f4da2fa7

  • Size

    756KB

  • MD5

    d4256a7d69733c47e3d4e0a3f4da2fa7

  • SHA1

    d9d022c96a99fbad44451db9d60d24c4a4a22897

  • SHA256

    b5c0c2189f141d5d4328eb7800839bb702d25a028c879b0b54b6290f812621f7

  • SHA512

    7432143f6e1c8bf9cf37e4ed2b94b419bb5d4357827d292a58a9ad4d176072d9dcba892c79f0bec0be8bc1f71a621274e26f8d8013a6b92f59bf836e1ec8a3f9

  • SSDEEP

    12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/ht:qZ1xuVVjfFoynPaVBUR8f+kN10EBL

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

MAIN

C2

billa2012.no-ip.org:50468

billa2012.no-ip.org:80

Mutex

DC_MUTEX-KH2VSZR

Attributes
  • gencode

    sSjilN5Kx17Z

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • d4256a7d69733c47e3d4e0a3f4da2fa7
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd
