Overview

overview

10

Static

static

10

f7d96d65f6...79.exe

windows7-x64

1

f7d96d65f6...79.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    f7d96d65f615fae58b42304a0e6c3e7fb4d4c07ac2c816a69a235e6fdf84db79.exe

  • Size

    732KB

  • MD5

    6cc5d7d4af0881b7302ab5a0cfb41673

  • SHA1

    f719787b0c5b09702e4d603ea0b999547f3b2eec

  • SHA256

    f7d96d65f615fae58b42304a0e6c3e7fb4d4c07ac2c816a69a235e6fdf84db79

  • SHA512

    f7f8f05eb17dced785404a1b1ce7df743ea917a496c3b176b69dfd95c544e91ddd9c6e30bc3c97946972bc70a41fa94060763d98f7f06f3a1e96e2b49480c0a6

  • SSDEEP

    12288:AcH9HGJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9EkMB/:BM1xuVVjfFoynPaVBUR8f+kN10E/

Score
10/10
upxsazandarkcomet

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

dreamy-wildflower-77334.pktriot.net:22952

Mutex

DC_MUTEX-3E3TFM5

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    ZxS92vJY80dM

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
    darkcomet
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • f7d96d65f615fae58b42304a0e6c3e7fb4d4c07ac2c816a69a235e6fdf84db79.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections