General
-
Target
03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca
-
Size
1.5MB
-
Sample
200624-5ejg1spxre
-
MD5
919e727137404624d1f88c477747aa85
-
SHA1
5136eab99b1c750ad54cff142cb960ec749e7385
-
SHA256
03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca
-
SHA512
1511b57c9e194444ad4e32c1b34f4df00e9bdadab9953d2f93722ebc7906ec56910b309760b83a683df40a90d82ee12955d0826d95da0bf2207a0fd930330c71
Static task
static1
Behavioral task
behavioral1
Sample
03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca.exe
Resource
win7
Malware Config
Extracted
darkcomet
Guest16
fut123.no-ip.biz:6968
DC_MUTEX-QDT8201
-
gencode
pQP26nCFHbNE
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Modifies visibility of hidden/system files in Explorer
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-