General

  • Target

    lab_samples.7z

  • Size

    1.2MB

  • MD5

    1b7491958a16c4e0b40e214905da4e48

  • SHA1

    6e5e2fd20d08df8157d5daf6a963252ec8dbf42f

  • SHA256

    69366a4a73f7d9fd02ebbfdc35e504b8ec6203571d3f4b99f94a7a25e994d53d

  • SHA512

    dc850e266c72b6f0cecc367ced1636da99505e84faa708ff9ad31bacb6140a0384e0830976288119e1fc939738f2bb69cbb732982bb0d102f5bd6d29194a4f8b

  • SSDEEP

    24576:MH3Vta5A/hn3fkt/qcZKqEDkWQAF8frgEcP1+ItPv3/iuD:MXVtaE8t/q6v4kxc8fg/X3Ko

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

test213.no-ip.info:1604

Mutex

DC_MUTEX-KHNEW06

Attributes
  • InstallPath

    MSDCSC\runddl32.exe

  • gencode

    F6FE8i2BxCpu

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet family
  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • lab_samples.7z
    .7z

    Password: infected

  • lab_samples/1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b.exe
    .exe windows:4 windows x86 arch:x86

    aba0f6b7b462acb9eea2b541c75bf039


    Code Sign

    Headers

    Imports

    Sections

  • lab_samples/6562e2ac60afa314cd463f771fcfb8be70f947f6e2b314b0c48187eebb33dd82.exe
    .exe windows:5 windows x86 arch:x86

    ab0de729364460157e3ea9fbc46e7f8e


    Headers

    Imports

    Sections

  • lab_samples/6d34ded00c0da9887ba752872093f59c649de72a1f629a32014f5ed8be509363.exe
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd


    Headers

    Imports

    Sections

  • lab_samples/a380617cf945ca35dbbc3d031bcc612f0dca96c1027a75003182ba5be2851215.exe
    .exe windows:4 windows x86 arch:x86

    58576b281ae6f8d747f774119e7b5cae


    Headers

    Imports

    Sections

  • lab_samples/b3b3bb519dd34a933a0b9920fa905ecaa5ce32c34871a29b5823a5b0fd4d9fc7.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • lab_samples/e30b76f9454a5fd3d11b5792ff93e56c52bf5dfba6ab375c3b96e17af562f5fc.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections