General
Target: e60c4be8e60b247c14021842a6543967b7ebd30992d12d634760ebf038773d6d
Size: 1.7MB
Sample: 201115-3lmbjww9ze
MD5: 79ffe7bc9a93f541390aee0889a84eba
SHA1: f1252ad73b1b08ff53be5b8f5022a98982ba7230
SHA256: e60c4be8e60b247c14021842a6543967b7ebd30992d12d634760ebf038773d6d
SHA512: 349380aabbecec6e64cd39b04f38c835f81aa8315c6058169e5e43a78f7e80c3d2ffc65168e60714b560ced3ed8002cdf53441d8de7f36a8a0dd2296d32a34c3

Static task: static1

Behavioral task: behavioral1
Sample: e60c4be8e60b247c14021842a6543967b7ebd30992d12d634760ebf038773d6d.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: e60c4be8e60b247c14021842a6543967b7ebd30992d12d634760ebf038773d6d.exe
Resource: win10v20201028

Malware Config
Extracted
darkcomet
Minecraft ModPack
nikitahack.ddns.net:1604
DC_MUTEX-QGCEW90
InstallPath: Java\JavawsJRE06.exe
gencode: uYzRTNcaeUFc
install: true
offline_keylogger: true
persistence: true
reg_key: JavaUpdater
Targets
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
autoit_exe: AutoIT scripts compiled to PE executables.