General
Target: 08cb598a06ac7af5e79b41b4ce3bd4b2d6c37c1cbaa7c3e1e785f3038e08da3a
Size: 1.7MB
Sample: 201111-99g3qdnxaj
MD5: 7744292984634c7a638686636bca0aa7
SHA1: c4e2978c9ceab4193f1377ffe73e24df1f803cb7
SHA256: 08cb598a06ac7af5e79b41b4ce3bd4b2d6c37c1cbaa7c3e1e785f3038e08da3a
SHA512: 47771e86839cba6de7822bb86f43d7243bea015819738f543e8478b065db6e4d41f5befe3c645393ceea6a72eb5b1758c04f05a9f123e59b9a75d45ba076f432
Static task: static1
Behavioral task: behavioral1
  Sample: 08cb598a06ac7af5e79b41b4ce3bd4b2d6c37c1cbaa7c3e1e785f3038e08da3a.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 08cb598a06ac7af5e79b41b4ce3bd4b2d6c37c1cbaa7c3e1e785f3038e08da3a.exe
  Resource: win10v20201028
Malware Config
Extracted family: darkcomet
Botnet: Minecraft ModPack
C2: nikitahack.ddns.net:1604
Mutex: DC_MUTEX-QGCEW90
Attributes:
  InstallPath: Java\JavawsJRE06.exe
  gencode: uYzRTNcaeUFc
  install: true
  offline_keylogger: true
  persistence: true
  reg_key: JavaUpdater
Targets
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- autoit_exe: AutoIT scripts compiled to PE executables.