General
Target: c2c82ee2700333d677bee2937f99b1e5657f339e23c27b5b7d2a397b672fffd9
Size: 932KB
Sample: 200624-v7pg8gxvbx
MD5: 1dc80685c258916d30f9bf2365d76ff5
SHA1: bc0111105913d61308b5164833d31574d0391543
SHA256: c2c82ee2700333d677bee2937f99b1e5657f339e23c27b5b7d2a397b672fffd9
SHA512: 7bf344038fc679919f30f93070c666c5409d76f81b8a79cf6aeda9d356ad7b9b570de0e994b4dd20096e3b3869b63ad496361f08bbd24eaa3eea6580aa965ba2
Static task: static1
Behavioral task: behavioral1
Sample: c2c82ee2700333d677bee2937f99b1e5657f339e23c27b5b7d2a397b672fffd9.exe
Resource: win7
Behavioral task: behavioral2
Sample: c2c82ee2700333d677bee2937f99b1e5657f339e23c27b5b7d2a397b672fffd9.exe
Resource: win10
Malware Config
Extracted
darkcomet
Test Server
127.0.0.1:1604
DC_MUTEX-4XKPULH
gencode: LBSgYfRa7QDe
install: false
offline_keylogger: true
persistence: false
Targets
Target: c2c82ee2700333d677bee2937f99b1e5657f339e23c27b5b7d2a397b672fffd9
Modifies system executable filetype association
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext