General

  • Target

    d9c34a084a1ed631491aad61814776d97ed4db1e6a1a39ca8b5101430818f9f1

  • Size

    351KB

  • MD5

    8ff680f196b0c7417ffa3f94f0cd936c

  • SHA1

    53e1200f7744d01c919d38be6a82b725ad3975d0

  • SHA256

    d9c34a084a1ed631491aad61814776d97ed4db1e6a1a39ca8b5101430818f9f1

  • SHA512

    05a7f3494938f4bd87dd15238049dfbdb286aa8e18e30ed0f9ad9acb4d92643e5643f2e030c5089b009c297d835e877c9dfd5b306f5724906cc8b2a569c53a4f

  • SSDEEP

    6144:wvDHnZOYadjtKI7It5kUU4vP6TT9LItkxHzGMCgkrUjMgpuvGH/dQHWmpFgEX8OA:wvDHnZOYaGn55XP63Re6HzGv3uMrvGfx

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

10.10.0.100:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    4iFjVwZK72Tx

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • d9c34a084a1ed631491aad61814776d97ed4db1e6a1a39ca8b5101430818f9f1
    .zip

    Password: infected

  • 6fb8e87b68f7de6ee4600a81c1b36c7a0bdebb2bafbadfaa6cafabfb37406fcf.exe
    .exe windows:4 windows x86 arch:x86

    2750597d6fc29423ecf0a5ce3d3fc4a2

