darkcomet | CeleryBootstrapper[.]exe | Triage

Sharing

General

Target

CeleryBootstrapper.exe
Size

9.4MB
MD5

163ccc21c6cabd3bea7bac0efa8b96b1
SHA1

8610ec2fd4e036f74efa69a76a2cd1d734032638
SHA256

de1cea9691cf4f954a536e292f490f9d5cb6dc790fc3e04aa092ef043b966542
SHA512

a23f682b94b7afaa4c7f16b176253a35e117bb30dbaa3539d5b3920608d47729cf556a984fa27a1e708fdee79949f8bc5fbb5822deb38cf754aeb7532f60db63
SSDEEP

98304:tEgLIRfyC7egWJ3iJzdjf4fwraOWcD9XdMPABIw/t6KHDicVwzUs7OQU/:tEguhegD4fJOWs9XNBZ16M2cuUFQ

Score

10^/10

darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CeleryBootstrapper.exe

Files

CeleryBootstrapper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ