General
Target: Anti-Virus.bin.zip
Size: 354KB
Sample: 201105-6eystvbfce
MD5: 471cde6cdbff959ab3f584513fb9eea2
SHA1: 170d3f070749c48e1ce944f2d2253b16328310c5
SHA256: a817f840ad7e96284110c9ebecafa55f632291ab2fb48996265bc8cb7a4a9be7
SHA512: c68c88ccc208911d19b916795899daff53b8cf0850fe3cd50e6077f8d2038688cf8f959a51229fcd70e8baf4d17d29157fb54cc2fbb22f7625c68572d2a27c69
Static task: static1
Behavioral task: behavioral1
Sample: Anti-Virus.bin.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Anti-Virus.bin.exe
Resource: win10v20201028
Malware Config
Extracted
darkcomet
Anti-Virus
guestanduser.no-ip.biz:1604
DCMIN_MUTEX-7DT47PK
InstallPath: DCSCMIN\IMDCSC.exe
gencode: 9FVdx8Zdf0oG
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: Anti-Virus.bin
Size: 724KB
MD5: c7fff9b0cd6c657ba179d847d8bc3087
SHA1: d5f1e1f68122e48f04729a758dd4c1adcc7ed50f
SHA256: 8aa7d2dab7187fd429bd289a953e3c5b857c6f7c2709f82f43b603ed5649b958
SHA512: 65d9f8ee728ac9a11dcf0f286f5d656b81f2a3e1d980d92fd209e2e88c103778542c2d4538bf51d3a7881dd5bfceec51bf270f96f1fe4097bacc0a84900f9870
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application