General

  • Target

    bootrapper.exe

  • Size

    659KB

  • MD5

    47d6f4568c595516da96c145041a3cb5

  • SHA1

    c154426bdaaf8c990a7b74e66704b5bb1d211e9b

  • SHA256

    b2bf2e2342c30fa96bf81879c95051176487b952795c2518a43af4985cb4c7cf

  • SHA512

    6560d49aa1e2f179b9207cfd424e69a4805a696fd6ac5c7d2227fbfa8fe02bb52e9798ce7db91e666475b841dd0e118514f2e8f512c5e7cfc4c5b9d8a5c3f6c2

  • SSDEEP

    12288:C9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hQ:uZ1xuVVjfFoynPaVBUR8f+kN10EBa

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest165

C2

rose324-33082.portmap.host:33082

Mutex

DC_MUTEX-VFEJX89

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    pmatwZA6QE8v

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    realtekaudio

Signatures

  • Darkcomet family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • bootrapper.exe
    .exe windows:4 windows x86 arch:x86

    e5b4359a3773764a372173074ae9b6bd

