General
-
Target
8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8
-
Size
404KB
-
Sample
201106-ndq1xecsge
-
MD5
031bc4d25f79bc974e1eb0a389590a4d
-
SHA1
35ca2381988729dd6ac4f57f945472b56a76182b
-
SHA256
8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8
-
SHA512
393c8e69c3f69754b42f09ce227548f6c1b2b722384ce92c669ccad072f9d730a06c93132b9ec43f51f0eb4d7ad04197fc23d8b61dc6aa9351b9ce12ddcd9820
Static task
static1
Behavioral task
behavioral1
Sample
8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
PrivCrypt
emile2012.no-ip.info:1337
DCMIN_MUTEX-WB71XN1
-
gencode
dby0EQrVG8Ck
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-