General
Target: d1e4712d3aaa767f88370dd745cef939
Size: 952KB
Sample: 201025-kghcfwzgpa
MD5: d1e4712d3aaa767f88370dd745cef939
SHA1: a48f26a9d9e1c383938ca74be47c39dafcdf4a49
SHA256: 81bb2960d19ec9b9c778b010051b08a27dcf29e9fa4ea382bc5163c7e60f55e3
SHA512: 5613da65ca1cd568ddb2cb27014fe09339145976592ed318600019c022f771b297609b058ea740f47ab307c640e62375ebb6fdcb4634213dadb400d2cbfcce79
Static task: static1
Behavioral task: behavioral1
Sample: d1e4712d3aaa767f88370dd745cef939.exe
Resource: win7
Malware Config
Extracted: darkcomet
Guest16
joylynch.ddns.net:100
DC_MUTEX-GUU4ZZV
gencode: USwcMCrQTcVd
install: false
offline_keylogger: true
persistence: false
Extracted: pony
http://lynch.herobo.com/pcss/gate.php
Targets
Target: d1e4712d3aaa767f88370dd745cef939
Size: 952KB
MD5: d1e4712d3aaa767f88370dd745cef939
SHA1: a48f26a9d9e1c383938ca74be47c39dafcdf4a49
SHA256: 81bb2960d19ec9b9c778b010051b08a27dcf29e9fa4ea382bc5163c7e60f55e3
SHA512: 5613da65ca1cd568ddb2cb27014fe09339145976592ed318600019c022f771b297609b058ea740f47ab307c640e62375ebb6fdcb4634213dadb400d2cbfcce79
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext