General
Target: Order Requirement 893.exe
Size: 3.1MB
Sample: 210422-99vzly2jk6
MD5: 94d0f17a6ccc191912e09efdbe611f5e
SHA1: 347d4231e88ac6fe82a8e701d0b16cfac652c92c
SHA256: e3532fb1c9e0c23e6e0b556425bceb08953c97883aacfb347789a3d8dd80099d
SHA512: 7c322675175a6f3d50ce72208e6275e3853ea25de8beac1ff81ed8638fc7a305cb50f967cb194c146ac417c78593b9a1f1c18d01fd90fcc2ce3d5a2bbb31c76d
Static task: static1
Behavioral task: behavioral1
  Sample: Order Requirement 893.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Order Requirement 893.exe
  Resource: win10v20210410
Malware Config
Extracted
Family: darkcomet
April 2021
C2:
- bonding79.ddns.net:3316
- goodgt79.ddns.net:3316
- whatis79.ddns.net:3316
- smath79.ddns.net:3316
- jacknop79.ddns.net:3316
- chrisle79.ddns.net:3316
Mutex: DC_MUTEX-L1TFBNC
Attributes:
- gencode: PvcfTTVpBSKd
- install: false
- offline_keylogger: true
- password: Password20$
- persistence: false
Targets
Target: Order Requirement 893.exe
Size: 3.1MB
MD5: 94d0f17a6ccc191912e09efdbe611f5e
SHA1: 347d4231e88ac6fe82a8e701d0b16cfac652c92c
SHA256: e3532fb1c9e0c23e6e0b556425bceb08953c97883aacfb347789a3d8dd80099d
SHA512: 7c322675175a6f3d50ce72208e6275e3853ea25de8beac1ff81ed8638fc7a305cb50f967cb194c146ac417c78593b9a1f1c18d01fd90fcc2ce3d5a2bbb31c76d
Score: 10/10
- Modifies WinLogon for persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext