General
Target: Recu.exe
Size: 871KB
Sample: 201021-t13kbn41dj
MD5: fe655433e25918abfbf8d0a748b53ebd
SHA1: 2481b3aa2a0084a7aa8a5dae26e7a95bd948cd61
SHA256: c960f47eb155a0066c0e4e279c296d0516edf66cf032b44188fe3d7f3a16aef6
SHA512: 7ff96e75adaf8c03f99825bbc93bfe2391934fa71acb2a80cd02a994105497ca76f96f62ea8905409d97c2855ee7fc9a12dd3f4f35f0c8456108925d28023a2d
Static task: static1
Behavioral task: behavioral1
  Sample: Recu.exe
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: Recu.exe
  Resource: win10
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:100
DC_MUTEX-J4K9R5R
gencode: XsFtyCs9yfyB
install: false
offline_keylogger: true
persistence: false
Targets
Target: Recu.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext