darkcomet | a8e5ad9e2057802d95e95ecd0ebb7fc29fc0c68401d6f23bee94f5b66cc4cfc3N[.]exe

General

Target

a8e5ad9e2057802d95e95ecd0ebb7fc29fc0c68401d6f23bee94f5b66cc4cfc3N.exe
Size

766KB
MD5

924f58f7b30a6b0640b6d53b1be31ec0
SHA1

6f4d4e39d90a285c735f6f63b29d1c66279e5a4e
SHA256

a8e5ad9e2057802d95e95ecd0ebb7fc29fc0c68401d6f23bee94f5b66cc4cfc3
SHA512

f984fe95da407c8f298612019023efb51a48ebdab7a9f9e30a988b15b5395097b29417c0d8f8ab1658ed994fd665aa2c4b5a7c52a7310ddcfcb0df708cb9bf01
SSDEEP

12288:ofbh3edoSdPDze9LBApPsKNoeP313umLcUmyqC+R/qqMd0QZh9u:SR8oYzS12PVaA3LLRHqC+BqD0QZh9u

Score

10^/10

guest16 darkcomet

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-7PNZC0B

Attributes

InstallPath
Windupdt\winupdate.exe
gencode
NZCWVtLgCU/0
install
true
offline_keylogger
true
persistence
true
reg_key
winupdater

rc4.plain

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8e5ad9e2057802d95e95ecd0ebb7fc29fc0c68401d6f23bee94f5b66cc4cfc3N.exe

Files

a8e5ad9e2057802d95e95ecd0ebb7fc29fc0c68401d6f23bee94f5b66cc4cfc3N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 578KB - Virtual size: 577KB

.itext Size: 6KB - Virtual size: 6KB

.data Size: 14KB - Virtual size: 14KB

.bss Size: - Virtual size: 29KB

.idata Size: 16KB - Virtual size: 16KB

.tls Size: - Virtual size: 56B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 34KB - Virtual size: 34KB

.rsrc Size: 114KB - Virtual size: 114KB

.text
Size: 578KB - Virtual size: 577KB

.itext
Size: 6KB - Virtual size: 6KB

.data
Size: 14KB - Virtual size: 14KB

.bss
Size: - Virtual size: 29KB

.idata
Size: 16KB - Virtual size: 16KB

.tls
Size: - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 114KB - Virtual size: 114KB