General
-
Target
9407592c980f29ee1c1a65cf6ee71920cd0e13692e04e993f10c9f0d54a78150
-
Size
696KB
-
Sample
201111-xld94ppa2a
-
MD5
45ca09f8a6501a975f80648796028ed9
-
SHA1
f3097041491f92b43d8fd3006dba0343902c0e5a
-
SHA256
9407592c980f29ee1c1a65cf6ee71920cd0e13692e04e993f10c9f0d54a78150
-
SHA512
d5422e4ab8c191b71f48f84e9bb11140d0bac48fb510f87aa52e57c4eef353fe73c4de9a3c394e17393b7eae6a19a810919c19803c55fa03bad2936c614b75c0
Static task
static1
Behavioral task
behavioral1
Sample
9407592c980f29ee1c1a65cf6ee71920cd0e13692e04e993f10c9f0d54a78150.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
9407592c980f29ee1c1a65cf6ee71920cd0e13692e04e993f10c9f0d54a78150.exe
Resource
win10v20201028
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-BKE0JZ7
-
gencode
S8iZHhadZw9D
-
install
false
-
offline_keylogger
true
-
persistence
false
Extracted
nanocore
1.2.2.0
holimoneygoinghome.duckdns.org:3480
backupdude.duckdns.org:3480
55288034-6c4a-41c5-9553-002af8c51b9d
-
activate_away_mode
false
-
backup_connection_host
backupdude.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-09-21T22:04:09.302157836Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
3480
-
default_group
Host
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
55288034-6c4a-41c5-9553-002af8c51b9d
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
holimoneygoinghome.duckdns.org
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
6
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
9407592c980f29ee1c1a65cf6ee71920cd0e13692e04e993f10c9f0d54a78150
-
Size
696KB
-
MD5
45ca09f8a6501a975f80648796028ed9
-
SHA1
f3097041491f92b43d8fd3006dba0343902c0e5a
-
SHA256
9407592c980f29ee1c1a65cf6ee71920cd0e13692e04e993f10c9f0d54a78150
-
SHA512
d5422e4ab8c191b71f48f84e9bb11140d0bac48fb510f87aa52e57c4eef353fe73c4de9a3c394e17393b7eae6a19a810919c19803c55fa03bad2936c614b75c0
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-