General

  • Target: 81733c92d498d0c739c3bd57be31c15d477625d965a47c7269fe5424cf21e84c
  • Size: 338KB
  • MD5: c3057e215f8f3fe61e91970ba0518f80
  • SHA1: 228e7c74ac9cf17fd44c9da5ee92fc08a67d024c
  • SHA256: 81733c92d498d0c739c3bd57be31c15d477625d965a47c7269fe5424cf21e84c
  • SHA512: 49e6864c5bb04f3b96b49d0b4f5807e6e91aeb05f1c3efa853984e9f0c0673b22e5eaec8ce99891f5d07258c9d244a65a6dce5a4f955136c8a1364eb36c23e6e
  • SSDEEP: 6144:P3XKOSWJP9VLbkKx7byNlVn0DA1eBYA7ElA5OE3SrAitWJg+98mhQVwl:P0WHVLbx5ynt2A4ale/oWqMhQql

Score: 10/10

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: 127.0.0.1:1604
  • Mutex: DC_MUTEX-Z13B80M

Attributes

  • gencode: AHMTw3fm3YQK
  • install: false
  • offline_keylogger: true
  • persistence: false

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 81733c92d498d0c739c3bd57be31c15d477625d965a47c7269fe5424cf21e84c
    .zip (password: infected)

  • f991fb7adaf38468117ff3233d7032b28eebd8784c51533b1689c8d32df6d136.exe
    .exe windows:4 windows x86 arch:x86
    e5b4359a3773764a372173074ae9b6bd

