General

  • Target

    niggt.exe

  • Size

    690KB

  • MD5

    4c9704749ddbb514b5c60184f13fe7e7

  • SHA1

    20e83ba94bda82acd3bd89a012b22143cc1ddb94

  • SHA256

    109ebb16b070770f48359880d6f643c23612a1bb56054790c164b0cde4312880

  • SHA512

    2d964ebb467e0ac41904dd8650ecfc4386da1e7ec52727a665239586809b52faec72c7e7ecf7e93b7b4dcb36c69dc239d79772bab4e9d6b57800b09691f9fabc

  • SSDEEP

    12288:F9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h2x:PZ1xuVVjfFoynPaVBUR8f+kN10EBk

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

rose324-37147.portmap.host:37147

Mutex

DC_MUTEX-2DNRPLM

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    tLDL0GjSYFsS

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    realtekaudio

Signatures

  • Darkcomet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • niggt.exe
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd

