General
Target: f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a
Size: 3.6MB
Sample: 201108-cqg7py32r6
MD5: a683b356df3c7d41d00a38bb4fdd31fe
SHA1: 7cc22ca306b2ae8868030bf15274129763604ea0
SHA256: f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a
SHA512: 5865f3aad25c75ab672e188d55dd14027f7e8e2fcd303b4bcb163041c71d2644f7f280654230b82a99be54ec1b30191af461387cbb2db20e728d5ebce59acb9e
Static task: static1
Behavioral task: behavioral1
Sample: f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a.exe
Resource: win10v20201028
Malware Config
Extracted family: darkcomet
Campaign ID: Puffy 001
C2: againme666.ddns.net:1604
Mutex: DC_MUTEX-8FFHWUR
gencode: iGsZPLQk83py
install: false
offline_keylogger: true
persistence: false
Targets
Target: f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a
Size: 3.6MB
MD5: a683b356df3c7d41d00a38bb4fdd31fe
SHA1: 7cc22ca306b2ae8868030bf15274129763604ea0
SHA256: f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a
SHA512: 5865f3aad25c75ab672e188d55dd14027f7e8e2fcd303b4bcb163041c71d2644f7f280654230b82a99be54ec1b30191af461387cbb2db20e728d5ebce59acb9e
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext