General

Target: 7744292984634c7a638686636bca0aa7
Size: 1.7MB
Sample: 201117-642hd2r842
MD5: 370f76a9253bd1fa83bb0dc1d22ee657
SHA1: 2a3bd7f2cefc1f7097861a816319b4a9f6bf5ec5
SHA256: b906fffb5dfe57a4a0704e2a89803ce0af2f9e6dc16338fab258051f1c8c4c0e
SHA512: ed6609bc1f544a12879cb15fd238dbd0899f1f1469ea4d28f6ebaaf3f286aa1f9aaa13cf8c6adf4afb0908d25316176023bacb5495867a6f93cebff10d9865af
Static task: static1

Behavioral task: behavioral1
Sample: 7744292984634c7a638686636bca0aa7.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 7744292984634c7a638686636bca0aa7.exe
Resource: win10v20201028
Malware Config

Extracted: darkcomet
Minecraft ModPack
nikitahack.ddns.net:1604
DC_MUTEX-QGCEW90
InstallPath: Java\JavawsJRE06.exe
gencode: uYzRTNcaeUFc
install: true
offline_keylogger: true
persistence: true
reg_key: JavaUpdater
Targets

Target: 7744292984634c7a638686636bca0aa7
Size: 1.7MB
MD5: 370f76a9253bd1fa83bb0dc1d22ee657
SHA1: 2a3bd7f2cefc1f7097861a816319b4a9f6bf5ec5
SHA256: b906fffb5dfe57a4a0704e2a89803ce0af2f9e6dc16338fab258051f1c8c4c0e
SHA512: ed6609bc1f544a12879cb15fd238dbd0899f1f1469ea4d28f6ebaaf3f286aa1f9aaa13cf8c6adf4afb0908d25316176023bacb5495867a6f93cebff10d9865af
Score: 10/10

- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- autoit_exe: AutoIT scripts compiled to PE executables.