General

  • Target

    lab_samples.zip

  • Size

    1.6MB

  • MD5

    707717e0811f03c3713616ab9354ae9f

  • SHA1

    7b8ee97f65075ecd800381642bcbca4515a61cec

  • SHA256

    596263884d5474c2d3bb01238718eb30ce2c8539c99f66fa26b92171c6786c26

  • SHA512

    bff3f233ed55af5ee45b945856f96eab57e76e2481dd1e652bb755004b54dc1411c387c5b055056c92d51464c2abac9e6770221d520886df97610b8ff7d365b2

  • SSDEEP

    49152:mXGgg7/0/FoAG6BKls7W9onqaRf/Hcfs826P5:GOioAt7W9onnRXHcfZ2q

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

test213.no-ip.info:1604

Mutex

DC_MUTEX-KHNEW06

Attributes
  • InstallPath

    MSDCSC\runddl32.exe

  • gencode

    F6FE8i2BxCpu

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • lab_samples.zip
    .zip

    Password: infected

  • lab_samples/1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    aba0f6b7b462acb9eea2b541c75bf039


    Code Sign

    Headers

    Imports

    Sections

  • lab_samples/6562e2ac60afa314cd463f771fcfb8be70f947f6e2b314b0c48187eebb33dd82.exe
    .exe windows:5 windows x86 arch:x86

    Password: infected

    ab0de729364460157e3ea9fbc46e7f8e


    Headers

    Imports

    Sections

  • lab_samples/6d34ded00c0da9887ba752872093f59c649de72a1f629a32014f5ed8be509363.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    e5b4359a3773764a372173074ae9b6bd


    Headers

    Imports

    Sections

  • lab_samples/a380617cf945ca35dbbc3d031bcc612f0dca96c1027a75003182ba5be2851215.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    58576b281ae6f8d747f774119e7b5cae


    Headers

    Imports

    Sections

  • lab_samples/b3b3bb519dd34a933a0b9920fa905ecaa5ce32c34871a29b5823a5b0fd4d9fc7.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected


    Headers

    Sections

  • lab_samples/e30b76f9454a5fd3d11b5792ff93e56c52bf5dfba6ab375c3b96e17af562f5fc.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected


    Headers

    Sections