General
Target: 647d85e63f398b6ed2cda3d3d4fbdd8d3babb248eb30f0c098e93f28f4d3cf49
Size: 974KB
Sample: 210505-bh46am5p72
MD5: c8cd16823264b18fa58a2eece64ca233
SHA1: 79e17e8812c5eca9ca7d460c6c340b72175226d2
SHA256: 647d85e63f398b6ed2cda3d3d4fbdd8d3babb248eb30f0c098e93f28f4d3cf49
SHA512: af2e74d4b24d0e52bdcd8e26615fb56802df28385363bca3b8eb4c3d349bd15e83b1612e5a895221c3fcfeee1c5522d441e925731673058e4fe8df6a34129cda
Static task: static1
Behavioral task: behavioral1
Sample: 647d85e63f398b6ed2cda3d3d4fbdd8d3babb248eb30f0c098e93f28f4d3cf49.exe
Resource: win7v20210408
Malware Config
Extracted
Family: darkcomet
Campaign ID: Sazan
C2: 0.tcp.ngrok.io:15969
Mutex: DC_MUTEX-YMVEUJL
gencode: RKM4mzJrG4PA
install: false
offline_keylogger: true
persistence: false

Notes on the extracted values: the C2 is an ngrok TCP tunnel endpoint, so the host and port are an ephemeral forwarding address in front of the operator's real host rather than the operator's own server; the port is only a usable indicator while that tunnel exists, whereas the mutex name and gencode are fixed per build and are the more durable indicators. offline_keylogger=true means keystrokes are logged locally even without a live C2 connection. install and persistence are both false in the config, but compare with the behavioral signatures reported under Targets.
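How a config like the one above is recovered from a DarkComet 5.x binary, as an added worked example (this is not code from the sandbox or from this report). It assumes, from public DarkComet analyses rather than from this page, that the config lives in a resource named DCDATA as an uppercase hex string of RC4 ciphertext, that the RC4 key is a version-specific constant such as #KCMDDC51#-890 (with any custom password appended), and that the plaintext is KEY={value} lines named MUTEX, SID, NETDATA, GENCODE, INSTALL, OFFLINEK and PERSINST. The DCDATA blob below is constructed by encrypting a plaintext built from this report's values; it is not bytes taken from the sample.

```python
"""DarkComet DCDATA config decoder (added example, not the sandbox's code).

Assumptions (public DarkComet analyses, not this report):
- DCDATA resource = uppercase hex of RC4 ciphertext.
- RC4 key is a version constant, optionally followed by a custom password.
- Plaintext is KEY={value} lines (MUTEX, SID, NETDATA, GENCODE, INSTALL,
  OFFLINEK, PERSINST, ...); NETDATA may hold several host:port pairs
  separated by '|'.
"""
import binascii
import re
from typing import Optional

# Version-specific RC4 key constants (assumed from public analyses).
KNOWN_KEYS = ["#KCMDDC51#-890", "#KCMDDC5#-890", "#KCMDDC42F#-890", "#KCMDDC4#-890"]

FIELD_RE = re.compile(rb"^([A-Z0-9]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_fields(plaintext: bytes) -> dict:
    """Turn KEY={value} lines into a dict; marker lines (#BEGIN/#EOF) are skipped."""
    fields = {}
    for line in plaintext.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1).decode()] = m.group(2).decode(errors="replace")
    return fields


def decode_dcdata(hex_blob: str, extra_password: str = "") -> Optional[dict]:
    """Try each known key; the right one yields readable config markers.

    Returns the fields mapped to the names a sandbox report uses, or None if
    no key produced a recognisable config.
    """
    ct = binascii.unhexlify(hex_blob.strip())
    for base in KNOWN_KEYS:
        pt = rc4((base + extra_password).encode(), ct)
        if b"DARKCOMET DATA" not in pt and b"MUTEX={" not in pt:
            continue  # wrong key: RC4 output is just noise
        f = parse_fields(pt)
        netdata = f.get("NETDATA", "")
        return {
            "family": "darkcomet",
            "version_key": base,
            "campaign": f.get("SID"),
            "c2": netdata.split("|") if netdata else [],
            "mutex": f.get("MUTEX"),
            "gencode": f.get("GENCODE"),
            "install": f.get("INSTALL") == "1",
            "offline_keylogger": f.get("OFFLINEK") == "1",
            "persistence": f.get("PERSINST") == "1",
        }
    return None


# Constructed plaintext using this report's values (NOT extracted from the sample).
SAMPLE_CONFIG = b"\r\n".join([
    b"#BEGIN DARKCOMET DATA --",
    b"MUTEX={DC_MUTEX-YMVEUJL}",
    b"SID={Sazan}",
    b"NETDATA={0.tcp.ngrok.io:15969}",
    b"GENCODE={RKM4mzJrG4PA}",
    b"INSTALL={0}",
    b"OFFLINEK={1}",
    b"PERSINST={0}",
    b"#EOF DARKCOMET DATA --",
])

# Constructed DCDATA blob: RC4 with the 5.1 key, hex-encoded like the resource would be.
CONSTRUCTED_DCDATA = binascii.hexlify(rc4(KNOWN_KEYS[0].encode(), SAMPLE_CONFIG)).decode().upper()

if __name__ == "__main__":
    print(decode_dcdata(CONSTRUCTED_DCDATA))
```

On a real sample the hex blob would come from the DCDATA resource (for example via pefile); the key loop is what lets one decoder cover several DarkComet versions, and the marker check is the cheap way to tell a correct key from RC4 noise before parsing.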
Targets
Target: 647d85e63f398b6ed2cda3d3d4fbdd8d3babb248eb30f0c098e93f28f4d3cf49 (MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures:
- Drops startup file
- Suspicious use of SetThreadContext

The behavioral run flagged a startup-folder file drop even though install and persistence are false in the extracted config, so treat the observed file write, not the config flag, as the evidence of persistence. SetThreadContext is commonly used for code injection (process hollowing in particular); confirm by checking whether the target thread belongs to another process and whether that process was created suspended.