General
-
Target
5636-445-0x0000000000400000-0x00000000004B7000-memory.dmp
-
Size
732KB
-
MD5
7d50d64b6120cfeeb58d2fbfb87eb60d
-
SHA1
e2294e725370163f957086cd8053caffe081921d
-
SHA256
0c26c358e17ea44501614799981eb6025ea005ac9691a82ebbd6c6b29d9dbfd1
-
SHA512
d16030838efe83dd1f7fd3b3da8690640fd8616c047a6154642aac95d3940e489342ef7cc12e21b7d99754546edbe16e88d607dfc9ff7f27f8620243564fdbc5
-
SSDEEP
12288:5cH9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9EkNC/:6Z1xuVVjfFoynPaVBUR8f+kN10Ed
Score
10/10
Malware Config
Extracted
Family
darkcomet
Botnet
New-July-July4-0
C2
45.74.4.244:35800
Mutex
DC_MUTEX-RT27KF0
Attributes
-
gencode
cKUHbX2GsGhs
-
install
false
-
offline_keylogger
true
-
password
hhhhhh
-
persistence
false
Signatures
-
Darkcomet family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
5636-445-0x0000000000400000-0x00000000004B7000-memory.dmp
Headers
Sections