General

  • Target

    63721711206a78dedb75769140e4464337c83a4c01ea7b5584c89c824a4b2923

  • Size

    338KB

  • MD5

    726e3a73e37e05762492a4c49c5f2275

  • SHA1

    236a7a161bb1a1bd43ed52e21323c813038a8e18

  • SHA256

    63721711206a78dedb75769140e4464337c83a4c01ea7b5584c89c824a4b2923

  • SHA512

    7ec07bce56786b94c6f99d4688135c66b029f49f5dcf3aefce554330446efc70181fe410c694bf9be4127876eb99672e680a100f1650d15e06f4b89e8409ec43

  • SSDEEP

    6144:14OSFOzGgC/LtLuHfjsPABcfhvAZsPnnXtiI5d:XzG/Zu7sPAYr

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sussysdfffdfff343.duckdns.org:1604

Mutex

DC_MUTEX-6F4SERN

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    mKaVRbcLZnA8

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    Google Handler
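
The extracted configuration above is a ready-made indicator set: a C2 hostname and port on a dynamic-DNS provider, a per-build mutex name, a relative install path, and the value name of the autorun entry. The following Python is an added example (not part of this report or of any sandbox's code) that turns those values into matchable indicators and runs them over a handful of constructed endpoint telemetry records. Two generalisations are assumptions, not facts from the page: the family-level mutex regex (constant `DC_MUTEX-` prefix plus a 7-character suffix, derived from the one mutex shown here), and checking the `reg_key` value name against the HKCU/HKLM `Run` keys, since the report gives only the value name, not the hive.

```python
"""Match the DarkComet indicators from this report against sample telemetry.

Added example. The config dict below copies the values reported above; the
telemetry records are constructed to exercise each indicator plus benign noise.
"""
import re

# Constructed copy of the extracted config values shown in the report.
EXTRACTED_CONFIG = {
    "c2": "sussysdfffdfff343.duckdns.org:1604",
    "mutex": "DC_MUTEX-6F4SERN",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "Google Handler",
}

# Assumption: the DC_MUTEX- prefix is constant across builds and the suffix is
# 7 upper-case alphanumerics, as in the sample on this page.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")

# Assumption: the reg_key value name lives under one of the usual Run keys.
RUN_KEYS = (
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
)


def iocs_from_config(cfg):
    """Normalise the extracted config into lower-cased, matchable indicators."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        # Match on the path suffix only; the report gives no base directory.
        "install_path_suffix": "\\" + cfg["install_path"].lower(),
        "run_value_name": cfg["reg_key"].lower(),
    }


def is_dynamic_dns(host):
    """The C2 here sits under duckdns.org, a free dynamic-DNS service."""
    return host.lower().endswith(".duckdns.org")


def match_event(ev, iocs):
    """Return the indicator names this one telemetry record hits ([] if none)."""
    hits = []
    kind = ev["type"]
    if kind == "process":
        if ev["image"].lower().endswith(iocs["install_path_suffix"]):
            hits.append("install_path")
    elif kind == "dns":
        query = ev["query"].lower().rstrip(".")  # tolerate a trailing dot
        if query == iocs["c2_host"]:
            hits.append("c2_host")
        elif is_dynamic_dns(query):
            hits.append("dyndns_query")  # weak signal on its own
    elif kind == "netconn":
        if ev["dst"].lower() == iocs["c2_host"] and ev["port"] == iocs["c2_port"]:
            hits.append("c2_connection")
    elif kind == "mutex":
        if ev["name"] == iocs["mutex"]:
            hits.append("sample_mutex")
        elif DC_MUTEX_RE.match(ev["name"]):
            hits.append("darkcomet_family_mutex")
    elif kind == "registry":
        if ev["key"].lower() in RUN_KEYS and ev["value"].lower() == iocs["run_value_name"]:
            hits.append("run_key_persistence")
    return hits


# Constructed telemetry (paths and the second mutex are invented for the example).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"type": "process", "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "dns", "query": "SUSSYSDFFFDFFF343.duckdns.org."},
    {"type": "dns", "query": "www.example.com"},
    {"type": "netconn", "dst": "sussysdfffdfff343.duckdns.org", "port": 1604},
    {"type": "mutex", "name": "DC_MUTEX-6F4SERN"},
    {"type": "mutex", "name": "DC_MUTEX-Q1W2E3R"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Google Handler",
     "data": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
]


def scan(events, cfg=EXTRACTED_CONFIG):
    """Map each indicator name to the number of events that triggered it."""
    iocs = iocs_from_config(cfg)
    counts = {}
    for ev in events:
        for hit in match_event(ev, iocs):
            counts[hit] = counts.get(hit, 0) + 1
    return counts


if __name__ == "__main__":
    for name, n in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{name}: {n}")
```

The sample-specific indicators (exact mutex, exact C2 host and port, install path) are high confidence but brittle: a rebuilt stub changes all of them. The family-level mutex pattern and the dynamic-DNS check are the durable part, at the cost of needing corroboration before alerting.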

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 63721711206a78dedb75769140e4464337c83a4c01ea7b5584c89c824a4b2923
    Type: .zip
    Password: infected

  • 3f0b1837b836c8f882db35bc5b0510b47e6c06a996148371a05b2d2b8b46ee0f.exe
    Type: .exe windows:4 windows x86 arch:x86
    MD5: e5b4359a3773764a372173074ae9b6bd
