Analysis
-
max time kernel
120s -
max time network
143s -
platform
windows10_x64 -
resource
win10 -
submitted
06-08-2020 13:17
General
-
Target
Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
-
Size
1.1MB
-
MD5
e255489d5f3e363d714ee0cecf55fe34
-
SHA1
abee71dd7a24cb405390fa25e24297ac6e520809
-
SHA256
92bae130f70a00a0207adfa078c44f57a9c6326c8873847f99acc8d3398b5f7a
-
SHA512
6cb359bccc3834973481a089cf3e3a30d0948242579351e9e3f1de352215a50602b3624cb54954be538f4b13fcb9bbbb054d4683a5677100429b35aa6f9fb697
Score
10/10
Malware Config
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Script User-Agent 2 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious use of AdjustPrivilegeToken 24 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe"C:\Users\Admin\AppData\Local\Temp\Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe"1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken