General
-
Target
153adafeef04097d2f2dde2fce6d0105a3893c88e7722f930fa1979c112f877c.exe
-
Size
1.7MB
-
Sample
201109-qnrp3zkb8n
-
MD5
b73ddd5b666ee096c73d5dccee18b54b
-
SHA1
60483bb7bb5f6aea52b4afbc60b3d4cbe1bb9a00
-
SHA256
4bf25d8f561fa3bf452d87b82bbb051d074b2ae8bcebec1dc421d1e653902884
-
SHA512
ad7d8bcdf85eddc1412a6196392bec46ba3aaf8d9f1e48b399289e2225c42f43a5a4305840595ff96abf4f67eccf9e64669a77e8b2e6fabe8b84fbb533e893e2
Static task
static1
Behavioral task
behavioral1
Sample
153adafeef04097d2f2dde2fce6d0105a3893c88e7722f930fa1979c112f877c.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
153adafeef04097d2f2dde2fce6d0105a3893c88e7722f930fa1979c112f877c.exe
Resource
win10v20201028
Malware Config
Extracted
darkcomet
Guest16_min
127.0.0.1:82
DCMIN_MUTEX-U2EW3CZ
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
vzqTZlD6owu2
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
153adafeef04097d2f2dde2fce6d0105a3893c88e7722f930fa1979c112f877c.exe
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.
-