General
Target: 68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc
Size: 673KB
Sample: 201111-d8cx469la2
MD5: a1956148181fdefbbbbac3a2f2b73f25
SHA1: b4eb63ef287a20651558bca2984bb6d562b36c2d
SHA256: 68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc
SHA512: 90b7e941dc4f7bad699062d7c74829a4f52db5156816b1a9b57f29740f3ceb2918577b980b732c592723e2dab983d024e0169d7c7866dab679564d6bbe27f62b
Static task: static1
Behavioral task: behavioral1
Sample: 68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc.exe
Resource: win10v20201028
Malware Config
Extracted family: darkcomet
Campaign ID: jenny svc
C2: againme666.ddns.net:1604
Mutex: DC_MUTEX-Q77FTXU
gencode: Pr3V0ty23oPh
install: false
offline_keylogger: true
persistence: false
Targets
Target: 68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc
Size: 673KB
Score: 10/10
Signatures:
Modifies WinLogon for persistence
Uses the VBS compiler for execution
Suspicious use of SetThreadContext