General
-
Target
b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b
-
Size
476KB
-
Sample
200706-67896k7hxj
-
MD5
b0196d39c93d411d1c26d053464e9063
-
SHA1
9468b91d627458e62cafdc4319fa673a5140f93c
-
SHA256
b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b
-
SHA512
fa49fdc90c924c2078ee210a6dc6b5c139462f8b76b94a7a998a73200a0c618d92f921dea6b7574ffcd0a583c01166deebb7acf474fd33de76cfa758e7aeeb29
Static task
static1
Behavioral task
behavioral1
Sample
b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b.exe
Resource
win10v200430
Malware Config
Extracted
darkcomet
darkanony0501.no-ip.biz:1604
DC_MUTEX-RUSU0K2
-
gencode
Jv5i6qhD7WCB
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-