General
Target: f75668dcd2d8c554bde126315253439858d2155588b1889473a7df5914537f10
Size: 1.7MB
Sample: 201112-8nlf6y7ew2
MD5: 157f112cfb8c360b3673a65917d878ae
SHA1: cec665afc9feaf726434c64d9db7d0910d06953e
SHA256: f75668dcd2d8c554bde126315253439858d2155588b1889473a7df5914537f10
SHA512: 16b193883017c0e201a4347ed7a52540f4f3dcc5ca13df6c432ca89234b5afdb09e32be100a703e8da8e0a37b95f78d1dbe4dfdfe0ef8c0dfa7eda9abdba388a
Static task: static1
Behavioral task: behavioral1
Sample: f75668dcd2d8c554bde126315253439858d2155588b1889473a7df5914537f10.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: f75668dcd2d8c554bde126315253439858d2155588b1889473a7df5914537f10.exe
Resource: win10v20201028
Malware Config
Extracted family: darkcomet
Botnet / campaign ID: Minecraft ModPack
C2: nikitahack.ddns.net:1604
Mutex: DC_MUTEX-QGCEW90
InstallPath: Java\JavawsJRE06.exe
gencode: uYzRTNcaeUFc
install: true
offline_keylogger: true
persistence: true
reg_key: JavaUpdater
Targets
Target: f75668dcd2d8c554bde126315253439858d2155588b1889473a7df5914537f10 (hashes as listed under General above)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- autoit_exe: AutoIT scripts compiled to PE executables.
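As an added example (not part of the sandbox report, and not code from DarkComet or the sandbox), the script below turns the extracted config above into the host and network checks a responder would run for the behaviours listed under Signatures: the Run value named by reg_key, a WinLogon Userinit/Shell entry pointing at InstallPath, the DC_MUTEX name, and DNS lookups for the C2 host. The host snapshot, DNS log lines and victim paths (C:\Users\victim\...) are constructed for the demonstration; the registry locations are the standard Windows Run keys and Winlogon values, and the assumption that the sample's WinLogon modification lands in Userinit or Shell is the script's, not the report's.

```python
"""Host-triage checks built from the DarkComet config extracted on this page.

Constants under "extracted config" are copied from the report; everything
marked "constructed" is invented sample data, not real telemetry.
"""
import re

# Extracted config values (from the report).
C2_HOST = "nikitahack.ddns.net"
C2_PORT = 1604
MUTEX = "DC_MUTEX-QGCEW90"
INSTALL_PATH_SUFFIX = r"Java\JavawsJRE06.exe"  # InstallPath is relative; parent dir is assumed
REG_KEY_NAME = "JavaUpdater"                     # reg_key = name of the Run value

# Constructed host snapshot: standard Run keys and Winlogon values, invented paths.
SAMPLE_RUN_KEYS = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
        "JavaUpdater": r"C:\Users\victim\AppData\Roaming\Java\JavawsJRE06.exe",
    },
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    },
}
SAMPLE_WINLOGON = {  # HKLM\...\Winlogon values, constructed
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\Java\JavawsJRE06.exe",
    "Shell": "explorer.exe",
}
SAMPLE_MUTEXES = ["Local\\MSCTF.Asm.MutexDefault1", "DC_MUTEX-QGCEW90"]  # constructed
SAMPLE_DNS_LOG = [  # constructed resolver log lines
    "2020-11-12T10:01:02Z client=10.0.0.5 query=www.minecraft.net type=A",
    "2020-11-12T10:01:09Z client=10.0.0.5 query=nikitahack.ddns.net type=A",
]

_DNS_QUERY = re.compile(r"\bquery=(?P<name>[^\s,]+)")


def c2_socket():
    """The C2 endpoint as host:port, as it would appear in a firewall rule."""
    return f"{C2_HOST}:{C2_PORT}"


def find_run_key_persistence(run_keys):
    """Run entries whose value name is reg_key or whose command is InstallPath."""
    hits = []
    for hive_path, values in run_keys.items():
        for name, command in values.items():
            exe = command.strip().strip('"').lower()
            if name.lower() == REG_KEY_NAME.lower() or exe.endswith(INSTALL_PATH_SUFFIX.lower()):
                hits.append((hive_path, name, command))
    return hits


def find_winlogon_persistence(winlogon):
    """Userinit/Shell are comma-separated lists; flag any element ending in InstallPath."""
    hits = []
    for value_name in ("Userinit", "Shell"):
        for entry in winlogon.get(value_name, "").split(","):
            entry = entry.strip().strip('"')
            if entry.lower().endswith(INSTALL_PATH_SUFFIX.lower()):
                hits.append((value_name, entry))
    return hits


def find_mutex(mutexes):
    """Exact match on the DarkComet mutex name from the config."""
    return [m for m in mutexes if m == MUTEX]


def find_c2_lookups(dns_log):
    """Resolver log lines that queried the C2 host (trailing dot and case ignored)."""
    hits = []
    for line in dns_log:
        m = _DNS_QUERY.search(line)
        if m and m.group("name").rstrip(".").lower() == C2_HOST:
            hits.append(line)
    return hits


def triage(run_keys, winlogon, mutexes, dns_log):
    """Run every check and return the findings grouped by artifact type."""
    return {
        "run_key": find_run_key_persistence(run_keys),
        "winlogon": find_winlogon_persistence(winlogon),
        "mutex": find_mutex(mutexes),
        "dns": find_c2_lookups(dns_log),
    }


def infected(findings):
    """True if any check produced a hit."""
    return any(findings.values())


if __name__ == "__main__":
    result = triage(SAMPLE_RUN_KEYS, SAMPLE_WINLOGON, SAMPLE_MUTEXES, SAMPLE_DNS_LOG)
    for category, hits in result.items():
        for hit in hits:
            print(f"[{category}] {hit}")
    print("verdict:", "infected" if infected(result) else "clean", "- block", c2_socket())
```

On a live host the snapshot dictionaries would be filled from `reg query` / `Get-ItemProperty` output, the mutex list from a handle enumeration tool and the DNS lines from the resolver or proxy log; the matching logic is unchanged. Matching on the InstallPath suffix rather than the full path is deliberate, since the report gives only the relative path and the drop directory varies per user profile.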