darkcomet | 9e8f6788eb84d665b94441ca661756ee0a588505956cd551153f06bd676b6c0a

General

Target

9e8f6788eb84d665b94441ca661756ee0a588505956cd551153f06bd676b6c0a
Size

347KB
MD5

4798aa74f6a80c360aec84456b22aaff
SHA1

c5a959c88357e899fa6aaf4f178bf9c854697bb4
SHA256

9e8f6788eb84d665b94441ca661756ee0a588505956cd551153f06bd676b6c0a
SHA512

4fb6bf54b40b10d2fe7c779f975634dd823fc4babcfabec0520821b7c582edc4504e67b50976d3b6ad4937fbd543d988b650d3a395078e5f735063785ef51025
SSDEEP

6144:2AE38KdOnUFrFGJbjto+dpcJdlaeSo6yUd0Ab18nsml0UD:djKy6MpJo+dpcJ7aeSoaBbunp0M

Score

10^/10

Family

darkcomet

Botnet

Guest16

C2

10.10.0.100:1604

Mutex

DC_MUTEX-F54S21D

Attributes

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
static1/unpack001/cbefac498c7c8312dd71565f190ee2394ada2f86c70e41e8f03480a19442ac17.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/cbefac498c7c8312dd71565f190ee2394ada2f86c70e41e8f03480a19442ac17.exe

9e8f6788eb84d665b94441ca661756ee0a588505956cd551153f06bd676b6c0a
.zip

Password: infected
cbefac498c7c8312dd71565f190ee2394ada2f86c70e41e8f03480a19442ac17.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE