General

  • Target

    https://dosya.co/etohrhluzj1b/sabeyler.exe.html

  • Sample

    250306-2qvdyayzdt

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

123cinarla.zapto.org:1604

Mutex

DC_MUTEX-1S7AJ2Q

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    uguNybCXH2cX

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

rc4.plain

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Targets

MITRE ATT&CK Enterprise v15

Tasks