General
Target: 21c8760522b1c8d9406627f89e450429589d7b427820ab99c8b144f5d2d4e36e
Size: 1.5MB
Sample: 201109-qtffln8cy6
MD5: a0dc02d95386e0fd2b6109256080f35e
SHA1: c46dbb23b24806d90cc7a564be0fd6062176cf67
SHA256: 21c8760522b1c8d9406627f89e450429589d7b427820ab99c8b144f5d2d4e36e
SHA512: 525d4287c27533bc53319507a1a4f4cd883d6f4db7b97339e6e26ed54e4fb504e4406aaab116980be608ac65a57fc065bf17c9cfe823443f20c25ac9a09c1c15
Static task: static1
Behavioral task: behavioral1
Sample: 21c8760522b1c8d9406627f89e450429589d7b427820ab99c8b144f5d2d4e36e.exe
Resource: win7v20201028
Malware Config
Extracted
darkcomet
Runescape
mrsnickers03.no-ip.biz:340
DC_MUTEX-6ZFK11A
gencode: uNwew4gojxtu
install: false
offline_keylogger: true
persistence: false
Targets
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext