General

  • Target: bootrapper.exe
  • Size: 252KB
  • MD5: 01953706ef629f45ee13fad39f460a3f
  • SHA1: f8e1c54a525d78bb8566bda9c68e33ebd837ede2
  • SHA256: 790eda6eaf6d80b9411b25cee4923f786047cac3cdf305406a48352ac1e8d7ef
  • SHA512: 3f82938efb0371edf0b6320439b051b2d6e61b98a3b9b0cb110cec5786ed5868f01822c1d5663e641be09969399e669141df6ecdcbb45202da7a37cd2174bce6
  • SSDEEP: 6144:DcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37j:DcW7KEZlPzCy37

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest1f63242
  • C2: rose324-33082.portmap.host:33082
  • Mutex: DC_MUTEX-P2LESEA

Attributes

  • InstallPath: MSDCSC\msdcsjc.exe
  • gencode: lGW4qX7RHbjT
  • install: true
  • offline_keylogger: true
  • persistence: true
  • reg_key: reahltekaudio
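The fields above are what a config extractor pulls out of the sample. The following is an added example (not the sandbox's extractor and not DarkComet code) showing how such an extractor typically works: it assumes the widely documented DarkComet layout in which the configuration is RC4-encrypted with a version-specific key (for example "#KCMDDC51#-890" for 5.1), hex-encoded, and stored as one KEY={value} line per setting. The RC4 key list and the mapping from config keys (MUTEX, NETDATA, GENCODE, INSTALL, PERSINST, OFFLINEK, KEYNAME, EDTPATH, SID) to the report's attribute names are assumptions for illustration; the sample blob is constructed here from the values in this report and is not the real resource from bootrapper.exe.

```python
import binascii

# Assumed: per-version DarkComet RC4 keys, tried in order (5.1 first).
DARKCOMET_RC4_KEYS = [
    "#KCMDDC51#-890",
    "#KCMDDC5#-890",
    "#KCMDDC42F#-890",
    "#KCMDDC42#-890",
    "#KCMDDC4#-890",
    "#KCMDDC2#-890",
]

# Assumed mapping from DarkComet config keys to the report's attribute names.
KEY_MAP = {
    "MUTEX": "Mutex",
    "NETDATA": "C2",
    "SID": "Botnet",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "PERSINST": "persistence",
    "OFFLINEK": "offline_keylogger",
    "KEYNAME": "reg_key",
    "EDTPATH": "InstallPath",
}
BOOL_FIELDS = {"install", "persistence", "offline_keylogger"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_config(plaintext: str) -> dict:
    """Turn 'KEY={value}' lines into a dictionary keyed like the report's attributes."""
    attrs = {}
    for line in plaintext.splitlines():
        line = line.strip()
        if "={" not in line or not line.endswith("}"):
            continue
        key, value = line.split("={", 1)
        value = value[:-1]
        name = KEY_MAP.get(key, key)
        if name in BOOL_FIELDS:
            attrs[name] = value == "1"
        elif name == "C2":
            # Assumed: NETDATA may list several host:port entries separated by '|'.
            attrs[name] = [h for h in value.split("|") if h]
        else:
            attrs[name] = value
    return attrs


def decrypt_config(hex_blob: str, keys=DARKCOMET_RC4_KEYS) -> tuple:
    """Try each known key; accept the first plaintext that looks like a config."""
    raw = binascii.unhexlify(hex_blob)
    for key in keys:
        plaintext = rc4(key.encode(), raw)
        try:
            text = plaintext.decode("ascii")
        except UnicodeDecodeError:
            continue
        if "MUTEX={" in text:
            return key, parse_config(text)
    raise ValueError("no known DarkComet key decrypted the blob")


# Constructed sample: this report's values, encrypted with the assumed 5.1 key.
SAMPLE_PLAINTEXT = (
    "MUTEX={DC_MUTEX-P2LESEA}\n"
    "SID={Guest1f63242}\n"
    "NETDATA={rose324-33082.portmap.host:33082}\n"
    "GENCODE={lGW4qX7RHbjT}\n"
    "INSTALL={1}\n"
    "PERSINST={1}\n"
    "OFFLINEK={1}\n"
    "KEYNAME={reahltekaudio}\n"
    "EDTPATH={MSDCSC\\msdcsjc.exe}\n"
)
SAMPLE_BLOB = binascii.hexlify(rc4(b"#KCMDDC51#-890", SAMPLE_PLAINTEXT.encode())).decode()

if __name__ == "__main__":
    key, cfg = decrypt_config(SAMPLE_BLOB)
    print("key:", key)
    for name, value in cfg.items():
        print(f"{name}: {value}")
```

Trying the keys in order and checking for a known marker ("MUTEX={") is what lets the extractor report a family without first fingerprinting the exact DarkComet build; a real extractor would read the blob from the DCDATA resource of the unpacked binary rather than from a constant.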

Signatures

  • Darkcomet family

    Sample matches the DarkComet RAT family (see the extracted config above).

  • UPX packed file (1 IoC)

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Unsigned PE (2 IoCs)

    Checks for a missing Authenticode signature.
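Both static signatures can be reproduced from the PE headers alone. The block below is an added example, not the sandbox's own rule code: it walks the DOS/COFF/optional headers, reads the section names (stock UPX names its sections UPX0/UPX1, and possibly UPX2) and the Security data directory (index 4, which holds the file offset and size of any attached Authenticode blob), and computes the hash set shown in the General section. The two PE images it runs on are constructed in memory to stand in for a packed, unsigned file and a plain, signed one; no real sample is embedded. Note the two caveats in the comments: a modified UPX can rename its sections, so the section-name check is a heuristic, and a non-zero Security directory only says a signature is present, not that its chain verifies (use signtool or osslsigncode for that).

```python
import hashlib
import struct


def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header walk: section names and the Security data directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:        # PE32: data directories start at optional-header offset 96
        dd_off, bits = opt_off + 96, 32
    elif magic == 0x20B:      # PE32+: data directories start at offset 112
        dd_off, bits = opt_off + 112, 64
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva = struct.unpack_from("<I", data, dd_off - 4)[0]
    # IMAGE_DIRECTORY_ENTRY_SECURITY is index 4; its address is a file offset, not an RVA.
    security = struct.unpack_from("<II", data, dd_off + 4 * 8) if nrva > 4 else (0, 0)
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        raw_name = data[sec_off + i * 40: sec_off + i * 40 + 8]
        sections.append(raw_name.rstrip(b"\0").decode("latin-1"))
    return {"machine": machine, "bits": bits, "sections": sections, "security_dir": tuple(security)}


def analyze(data: bytes) -> dict:
    """Reproduce the report's hash set and its two static signatures."""
    pe = parse_pe(data)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sections": pe["sections"],
        # Heuristic: stock UPX uses UPX0/UPX1(/UPX2); a modified build may rename them,
        # so a miss here does not prove the file is unpacked.
        "upx_packed": any(s.upper().startswith("UPX") for s in pe["sections"]),
        # A non-zero Security directory means an Authenticode blob is attached; it says
        # nothing about whether that signature actually verifies.
        "signed": pe["security_dir"] != (0, 0),
    }


def build_pe(section_names, signed: bool) -> bytes:
    """Constructed test image: valid headers only, no code, for exercising the checks."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x1000, 0x200)  # fake Security entry
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


# Constructed inputs: one image shaped like a UPX-packed, unsigned file, one plain and signed.
PACKED_UNSIGNED = build_pe(["UPX0", "UPX1", ".rsrc"], signed=False)
PLAIN_SIGNED = build_pe([".text", ".data"], signed=True)

if __name__ == "__main__":
    for label, image in (("packed/unsigned", PACKED_UNSIGNED), ("plain/signed", PLAIN_SIGNED)):
        result = analyze(image)
        print(label, result["sections"], "upx:", result["upx_packed"], "signed:", result["signed"])
```

On a real sample you would call analyze() on the bytes of bootrapper.exe and, separately, on the UPX-unpacked output, which is why a report like this one can carry two "Unsigned PE" IoCs for a single submission.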

Files

  • bootrapper.exe
    .exe windows:4 windows x86 arch:x86

  • out.upx
    .exe windows:4 windows x86 arch:x86