General

  • Target

    ware.exe

  • Size

    658KB

  • MD5

    86809c06e4f5bedcffea7f983f2059af

  • SHA1

    53dd293ccf526894885c4dc2ca47b1ddf28e618b

  • SHA256

    09e297bd89610efce8e83e013b21a175dd47ca1bbb7df5284cf71cd5385daa78

  • SHA512

    c6425808f7d772578cdf988e8db92aa46b41672491cdbcf9e649c6ffa369d8ad4eb012412e880f19e8ac1a6ed4cafa05f85438a1be3bc42e6614be4659b35f37

  • SSDEEP

    12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hd:+Z1xuVVjfFoynPaVBUR8f+kN10EBL

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

5.39.43.50:1337

Mutex

DC_MUTEX-DPUDTLY

Attributes
  • gencode

    u31d2mspyHez

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
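The configuration fields above come out of the DCDATA resource that 5.x-style DarkComet builds embed in the PE. The following is an added example, not code from the report or from any sandbox, showing how such a resource is recovered: unhex the resource, RC4-decrypt it with the builder's per-version key, and parse the resulting KEY={value} lines. The keys in DARKCOMET_KEYS (the 5.1 key "#KCMDDC51#-890" and the others) and the field names MUTEX, SID, NETDATA, GENCODE, INSTALL, PERSINST and OFFLINEK are taken from public analyses of the builder and are assumptions to verify against a real sample; the mapping in summarize onto the report's attribute names is this example's own. The sample resource is constructed here from the values the report extracted, because the raw resource bytes are not on the page; read_dcdata and its pefile calls are only needed for a real file.

```python
import binascii
import re

# RC4 keys per builder version, as reported in public DarkComet analyses
# (assumption to verify against your sample; the report does not state them).
DARKCOMET_KEYS = {
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2F": b"#KCMDDC42F#-890",
    "4.0": b"#KCMDDC4#-890",
}

FIELD_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); symmetric, so it both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_config(plaintext: str) -> dict:
    """Turn decrypted KEY={value} lines into a dict; marker lines are skipped."""
    fields = {}
    for line in plaintext.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def decrypt_dcdata(resource_hex: bytes, key: bytes) -> dict:
    """Unhex + RC4 the DCDATA resource; the begin marker validates the key."""
    raw = binascii.unhexlify(resource_hex.strip(b"\x00\r\n\t "))
    plaintext = rc4(key, raw).decode("latin-1")
    if "DARKCOMET DATA" not in plaintext:
        raise ValueError("wrong key or not a DarkComet config")
    return parse_config(plaintext)


def extract(resource_hex: bytes) -> tuple:
    """Try every known key; return (version, fields) for the first that validates."""
    for version, key in DARKCOMET_KEYS.items():
        try:
            return version, decrypt_dcdata(resource_hex, key)
        except ValueError:  # binascii.Error is a ValueError subclass too
            continue
    raise ValueError("no known DarkComet key decrypts this resource")


def summarize(fields: dict) -> dict:
    """Map raw field names onto the attribute names used in the report
    (this mapping is the example's own, based on published config dumps)."""
    return {
        "botnet": fields.get("SID"),
        "c2": fields.get("NETDATA"),
        "mutex": fields.get("MUTEX"),
        "gencode": fields.get("GENCODE"),
        "install": fields.get("INSTALL") == "1",
        "offline_keylogger": fields.get("OFFLINEK") == "1",
        "persistence": fields.get("PERSINST") == "1",
    }


def read_dcdata(path: str) -> bytes:
    """Pull the DCDATA RCDATA resource out of a PE on disk (needs pefile)."""
    import pefile  # optional dependency; only used for real samples
    pe = pefile.PE(path)
    for res_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
        if res_type.id != pefile.RESOURCE_TYPE["RT_RCDATA"]:
            continue
        for res in res_type.directory.entries:
            if res.name is not None and str(res.name) == "DCDATA":
                leaf = res.directory.entries[0].data.struct
                return pe.get_data(leaf.OffsetToData, leaf.Size)
    raise ValueError("no DCDATA resource: not a 5.x-style DarkComet build")


# Constructed stand-in for the resource: the report's extracted values,
# encrypted here with the 5.1 key (the real resource bytes are not on the page).
SAMPLE_PLAINTEXT = "\r\n".join([
    "#BEGIN DARKCOMET DATA --",
    "MUTEX={DC_MUTEX-DPUDTLY}",
    "SID={Guest16}",
    "NETDATA={5.39.43.50:1337}",
    "GENCODE={u31d2mspyHez}",
    "INSTALL={0}",
    "PERSINST={0}",
    "OFFLINEK={1}",
    "#EOF DARKCOMET DATA --",
])
SAMPLE_RESOURCE_HEX = binascii.hexlify(
    rc4(DARKCOMET_KEYS["5.1"], SAMPLE_PLAINTEXT.encode("latin-1"))
).upper()

if __name__ == "__main__":
    version, fields = extract(SAMPLE_RESOURCE_HEX)
    print(version, summarize(fields))
```

On a real sample, replace SAMPLE_RESOURCE_HEX with read_dcdata("ware.exe"); a decryption that does not contain the "DARKCOMET DATA" marker is treated as a wrong key rather than parsed, which is what keeps a mismatched version key from producing garbage fields.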

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
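What the "Unsigned PE" signature reduces to is a look at the IMAGE_DIRECTORY_ENTRY_SECURITY entry (index 4) of the optional header's data directory: a zero offset or size means no WIN_CERTIFICATE table was ever attached. The check below is an added example, not the sandbox's own rule; it parses the headers directly so it needs no third-party module, and runs against a constructed header-only PE32 stub (build_stub_pe, a hypothetical helper for this example) in both the unsigned and the signed layout. The caveat a practitioner wants: a present security directory only proves a certificate table exists, not that the signature validates or chains to a trusted root; confirm that with signtool, osslsigncode or Get-AuthenticodeSignature.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot for the WIN_CERTIFICATE table


def authenticode_directory(pe: bytes):
    """Return (file_offset, size) of the attached certificate table, or None
    when the security data directory is empty (the "unsigned PE" condition)."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad e_lfanew / PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:          # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:        # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    count = struct.unpack_from("<I", pe, count_off)[0]
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # The directory may be cut short by NumberOfRvaAndSizes or SizeOfOptionalHeader.
    if count <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return None
    offset, size = struct.unpack_from("<II", pe, entry)  # a raw file offset, not an RVA
    if offset == 0 or size == 0:
        return None
    if offset + size > len(pe):
        raise ValueError("security directory points outside the file")
    return offset, size


def is_unsigned_pe(pe: bytes) -> bool:
    """True when no Authenticode certificate table is attached at all."""
    return authenticode_directory(pe) is None


def build_stub_pe(cert_size: int = 0) -> bytes:
    """Constructed header-only PE32 image (hypothetical helper for this example).
    cert_size > 0 appends a dummy WIN_CERTIFICATE and points the security
    directory at it, mimicking the layout a signed file has."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)  # i386, SizeOfOptionalHeader=224
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    headers_len = len(dos) + 4 + len(coff) + len(opt)
    cert = b""
    if cert_size:
        # WIN_CERTIFICATE: dwLength, wRevision (0x0200), wCertificateType (0x0002 = PKCS#7), blob.
        cert = struct.pack("<IHH", cert_size, 0x0200, 0x0002) + b"\0" * (cert_size - 8)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, headers_len, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    print("stub without cert table unsigned:", is_unsigned_pe(build_stub_pe()))
    print("stub with cert table unsigned:   ", is_unsigned_pe(build_stub_pe(cert_size=64)))
```

Against a file on disk, pass open(path, "rb").read() to is_unsigned_pe; a True result corresponds to the report's "Unsigned PE" hit, while a False result still needs a real signature verification before it means anything.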

Files

  • ware.exe
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd

