General

  • Target

    Anubis 2.5 ( Android Banking Botnet ) Panel + APK file.exe

  • Size

    268KB

  • MD5

    58d328c859ed26102d84959e95de9bca

  • SHA1

    d40750fd353b093a0418b167eccd4c2124c64594

  • SHA256

    71e944842708dde91a617790c517a3295db2ea867f894c4f465bfee2977fbe38

  • SHA512

    8818c5f35e86d902e59d16a8bc945038e6eec4fabb442fd5c015d617c7150e56c71717a199fa82f4c08d8e9d9181fdf23f0ddba83d734e6f2c5e40a00a17565e

  • SSDEEP

    6144:rcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37PpdHQd:rcW7KEZlPzCy37Rde

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

ip

C2

kvejo991.ddns.net:1604

Mutex

DC_MUTEX-B1GXAHA

Attributes
  • InstallPath

    winlogon.exe

  • gencode

    w3TGdlYWXTQL

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    windows

Signatures

  • Darkcomet family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • Anubis 2.5 ( Android Banking Botnet ) Panel + APK file.exe
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86

