General

  • Target

    https://dosya.co/aihzkiuf3i1x/nebakıonla.exe.html

  • Sample

    250306-2s6vrazpt4

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

123cinarla.zapto.org:1604

0.tcp.eu.ngrok.io:10867

Mutex

DC_MUTEX-08WKTYG

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    YuCvwYNUp1wN

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

rc4.plain

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Targets

MITRE ATT&CK Enterprise v15

Tasks