General
Target: 8b540bf1f0f283d0a074b95422f7c619f7c81a73067d2e1e00e72d923575c51d
Size: 3.6MB
Sample: 201106-xt6sm3e4r2
MD5: 0cc4b215bf319dfc3a93c784a9e455ec
SHA1: 4f39f687c1449665f66081325bebada166772d28
SHA256: 8b540bf1f0f283d0a074b95422f7c619f7c81a73067d2e1e00e72d923575c51d
SHA512: ed84d3e693c18348fc61a6e0698d095e3efbedb8b99cafc5cd47d938905a276dfaecae4c789ae2a17b2bfc4dc6a4b4b5c0c9e607fe9d16899351724a7309d993
Static task: static1
Behavioral task: behavioral1
Sample: 8b540bf1f0f283d0a074b95422f7c619f7c81a73067d2e1e00e72d923575c51d.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 8b540bf1f0f283d0a074b95422f7c619f7c81a73067d2e1e00e72d923575c51d.exe
Resource: win10v20201028
Malware Config
Extracted family: darkcomet
Botnet: Puffy 001
C2: againme666.ddns.net:1604
Mutex: DC_MUTEX-8FFHWUR
Attributes:
- gencode: iGsZPLQk83py
- install: false
- offline_keylogger: true
- persistence: false
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext