General
Target: 6a509f49d4ab35b9fc7ccc9df957ec64c1dc7f65e3a8f64c68b6a560adc9b6e7
Size: 1.5MB
Sample: 201109-h3bkea6pfs
MD5: 126f5757d251196b27ca858ca09d4a0f
SHA1: b769b92f612f2cb9b3cee69bcfd60fae8a1909c1
SHA256: 6a509f49d4ab35b9fc7ccc9df957ec64c1dc7f65e3a8f64c68b6a560adc9b6e7
SHA512: b74ba3f24d84ca23a83b0b07d51a9322486aba0497ee5682b45a661437125168eecec98f9a7ae57352cee647efb3ffd218f738fbaaef9cdb7cbda046edcde23d
Static task: static1
Behavioral task: behavioral1
Sample: 6a509f49d4ab35b9fc7ccc9df957ec64c1dc7f65e3a8f64c68b6a560adc9b6e7.exe
Resource: win7v20201028
Malware Config
Extracted
darkcomet
Runescape
mrsnickers03.no-ip.biz:340
DC_MUTEX-6ZFK11A
gencode: uNwew4gojxtu
install: false
offline_keylogger: true
persistence: false
Targets
Target: 6a509f49d4ab35b9fc7ccc9df957ec64c1dc7f65e3a8f64c68b6a560adc9b6e7
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext