General
-
Target
f1d61cbcda0b9784bb33b45d96f98b3e027a6b5cfe89552e47d15038dedff23d
-
Size
1.0MB
-
MD5
766a48198b5f332debc69cf1e0e87bbf
-
SHA1
d805b0ee573788f94375d87b2d8af5a3f56e6ef4
-
SHA256
f1d61cbcda0b9784bb33b45d96f98b3e027a6b5cfe89552e47d15038dedff23d
-
SHA512
5ae3a2e7af67b20b16a9f4f077449074b3d63ae24108027bc2bded3eecc4cebb1f225ef0c96dca24f736c51867f96878bb18c8f08d4bb6b0729b75724102c749
-
SSDEEP
24576:MKiRzC0UAaNSl3Jx5/16qCTF6RQHDO1AZ8S:NiRnMSp5N6PTfi1AZ8S
Score
10/10
Malware Config
Extracted
Family
darkcomet
Botnet
Guest16
C2
127.0.0.1:555
Mutex
DC_MUTEX-13GPHC5
Attributes
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
ACocCp43TdEV
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Signatures
-
Darkcomet family
-
R77 family
-
r77 rootkit payload 1 IoCs
Detects the payload of the r77 rootkit.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Files
-
f1d61cbcda0b9784bb33b45d96f98b3e027a6b5cfe89552e47d15038dedff23d
Headers
Sections
-
out.upx
Headers
Sections