General
Target: ddd6405699a1b9d274a9ec1ee86fd97b
Size: 1.1MB
Sample: 201026-q2l792x9fj
MD5: ddd6405699a1b9d274a9ec1ee86fd97b
SHA1: 167499450b5b204eb319792c9a5cea7fdf83e858
SHA256: 86f3d464496271328b6bf4c63c0feeec0f5381d11cec24d2f753cf07f2e4cb96
SHA512: 3da3574fca2f9ecf3e73479235b3a6bb2d3fdf3695b75583e4528b5efbf87546eeed4c408ee31e849294bc1fe48cc1a97e50638f6b2d27fe161ac31d2e50d6e7

Static task: static1

Behavioral task: behavioral1
Sample: ddd6405699a1b9d274a9ec1ee86fd97b.exe
Resource: win7

Behavioral task: behavioral2
Sample: ddd6405699a1b9d274a9ec1ee86fd97b.exe
Resource: win10

Malware Config
Extracted
darkcomet
Dark
uchedack.no-ip.org:6666
DC_MUTEX-15LJ0H8
gencode: cnD6zzq2qYhm
install: false
offline_keylogger: true
persistence: false

Targets
Target: ddd6405699a1b9d274a9ec1ee86fd97b
Size: 1.1MB
Score: 10/10
- Uses the VBS compiler for execution
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext