General
Target: d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab
Size: 659KB
Sample: 210921-kh5q9sbegk
MD5: 5bfa0be4efc7ffb3b6e2cd63b78fbb5b
SHA1: 92031a89f86535db2085ed43dd8034e905169c6f
SHA256: d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab
SHA512: f797d3be2e3f99a621be6a0dcc0e4e1cb0bb3263192feae27828b5adf234e350d7adf84f383ef2adb6ccccce0a95a0f6e9a93601a57a48e5f35aed5f218f7130
Behavioral task: behavioral1
Sample: d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab.exe
Resource: win10v20210408
Malware Config
Extracted family: darkcomet
Botnet: Guest16
C2: 6.tcp.ngrok.io:19838
C2: 6.tcp.ngrok.io:1604
Mutex: DC_MUTEX-R7Y8PG9
InstallPath: Java/exe
gencode: aE8nfjsgA5tn
install: true
offline_keylogger: true
persistence: true
reg_key: Java
Targets
Target: d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Adds Run key to start application