General

  • Target

    d4abee16fb8f06376c64df9595c24b5c7d8c292bf49280b46113dba9219f80a9

  • Size

    351KB

  • MD5

    11d49b7b599a5b8964db992c20799e43

  • SHA1

    6ebdbbc391708e602378ce901f7e7b2ff4a2e533

  • SHA256

    d4abee16fb8f06376c64df9595c24b5c7d8c292bf49280b46113dba9219f80a9

  • SHA512

    ebe406d7f76baa5131daa6bfb2db1e3768577c27f601b3cda015482c6061032f7c2b1cd714062f4d9382e483f521c13fea642fd551e6fc2ce205581b6ac6573e

  • SSDEEP

    6144:lvvYyFgDMY50EKXpRtdcNW4euiC2BOWrmZO5ReLZRcsDnvAJ/F/sp3VrUKcKk:lIR50EgpRtKNpcC2BkA5RefDvAJ9/spI

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

10.10.0.100:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    gT3AYpfW5Hj0

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • d4abee16fb8f06376c64df9595c24b5c7d8c292bf49280b46113dba9219f80a9
    .zip

    Password: infected

  • d9d705a576cd648367347144e2bbacd697982b703fb0fdec295e5cd81968a858.exe
    .exe windows:4 windows x86 arch:x86

    2750597d6fc29423ecf0a5ce3d3fc4a2


    Headers

    Imports

    Sections