General
-
Target
b243cf67bf384a80b8de34c6e8b351bb3f6cbe2c24ef4c7168489ce0bde00e1d
-
Size
2.5MB
-
Sample
210518-1m25p5ja4x
-
MD5
5b5ac97705245c79b7dc5553ea9ef725
-
SHA1
8c43d1de280dc53dad5c95d765ef78b52a81c62d
-
SHA256
b243cf67bf384a80b8de34c6e8b351bb3f6cbe2c24ef4c7168489ce0bde00e1d
-
SHA512
8715ae2dac65df613e5ad5715b4240a947597918caa890e4b1610166f73b75736fb536330d14e6a5fa1395f80fb37ea35aa98bf328a6d1b71354aa789a93443c
Malware Config
Extracted
darkcomet
777
mywin7man.ddns.net:400
mywin7man.p-e.kr:400
DC_MUTEX-ETJWHM7
-
InstallPath
windowscra.exe
-
gencode
Pi9Netx9cyRC
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Extracted
njrat
0.7d
HacKed
mywin7man.p-e.kr:200
7321baaff10c1ea75810eb114d0daa00
-
reg_key
7321baaff10c1ea75810eb114d0daa00
-
splitter
|'|'|
Targets
-
-
Target
b243cf67bf384a80b8de34c6e8b351bb3f6cbe2c24ef4c7168489ce0bde00e1d
-
Size
2.5MB
-
MD5
5b5ac97705245c79b7dc5553ea9ef725
-
SHA1
8c43d1de280dc53dad5c95d765ef78b52a81c62d
-
SHA256
b243cf67bf384a80b8de34c6e8b351bb3f6cbe2c24ef4c7168489ce0bde00e1d
-
SHA512
8715ae2dac65df613e5ad5715b4240a947597918caa890e4b1610166f73b75736fb536330d14e6a5fa1395f80fb37ea35aa98bf328a6d1b71354aa789a93443c
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-