General
- Target: c756c7431558b4848bbd865af6aba43f
- Size: 3.8MB
- Sample: 201026-kvwvjgy7le
- MD5: c756c7431558b4848bbd865af6aba43f
- SHA1: e34592243c9a070c91bc4735ca9d9cc67066a40f
- SHA256: 2f8a1772bb051c6b730649fcbe00a51b20b0e4d6f71bd28e06d5d2cffd3e1621
- SHA512: 37ae8613a774708148c9fb5e59466f0fc361807dfde7c5ef9a892d4adc7e6648b6c8425bcfa40df98fea8d9846ddbf452504c14e12e320bf08af540b1a28e897
Static task
- static1

Behavioral task
- behavioral1
  - Sample: c756c7431558b4848bbd865af6aba43f.exe
  - Resource: win7

Behavioral task
- behavioral2
  - Sample: c756c7431558b4848bbd865af6aba43f.exe
  - Resource: win10
Malware Config

Extracted: darkcomet
- 2020okt999+
- sandyclark255.hopto.org:1605
- DC_MUTEX-11WPGQ5
- InstallPath: winzipl.exe
- gencode: YGhUoUZB2403
- install: true
- offline_keylogger: true
- password: hhhhhh
- persistence: true
- reg_key: wzip

Extracted: darkcomet
- 2020okt999+++4
- sandyclark255.hopto.org:1605
- DC_MUTEX-D50H81E
- InstallPath: word64l.exe
- gencode: 0zgSCfjSH24W
- install: true
- offline_keylogger: true
- password: hhhhhh
- persistence: true
- reg_key: winworde

Extracted: asyncrat
- 0.5.6A
- sandyclark255.hopto.org:6606
- sandyclark255.hopto.org:8808
- sandyclark255.hopto.org:7707
- adeweqwsds33
- aes_key: VhvRfPRGj3DXYrQBZXEtiFBwxpOo0frl
- anti_detection: false
- autorun: true
- bdos: false
- delay:
- host: sandyclark255.hopto.org
- hwid:
- install_file:
- install_folder: %Temp%
- mutex: adeweqwsds33
- pastebin_config: null
- port: 6606,8808,7707
- version: 0.5.6A
Targets
- Target: c756c7431558b4848bbd865af6aba43f
- Size: 3.8MB
- MD5: c756c7431558b4848bbd865af6aba43f
- SHA1: e34592243c9a070c91bc4735ca9d9cc67066a40f
- SHA256: 2f8a1772bb051c6b730649fcbe00a51b20b0e4d6f71bd28e06d5d2cffd3e1621
- SHA512: 37ae8613a774708148c9fb5e59466f0fc361807dfde7c5ef9a892d4adc7e6648b6c8425bcfa40df98fea8d9846ddbf452504c14e12e320bf08af540b1a28e897

- Modifies WinLogon for persistence
- Async RAT payload
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext