General
Target: 3717bcafe138127143c62d0dee487defbe451a3c818f98f5e8c9d0f43bbd6e96
Size: 1.8MB
Sample: 210928-k7zasabcc9
MD5: ef0fa837326628bff5da076ad75a562a
SHA1: e6647ac7c03b9820b2cb23ab174caf4562c3ba59
SHA256: 3717bcafe138127143c62d0dee487defbe451a3c818f98f5e8c9d0f43bbd6e96
SHA512: c38c80dd206177e6cc6b12a857b06d500c0a3564bf28ce617ef200b2ac4a16fefb32bfe38babb6870190f89ebec24b2dc733070be82af8998db6bb5eae5fd4fc

Static task: static1
Behavioral task: behavioral1
Sample: 3717bcafe138127143c62d0dee487defbe451a3c818f98f5e8c9d0f43bbd6e96.exe
Resource: win7v20210408

Malware Config
Extracted
darkcomet
Guest16
xExplictions.no-ip.biz:1604
DC_MUTEX-GK7869K
gencode: jpGnHQUvJBkz
install: false
offline_keylogger: true
persistence: false

Targets
Target: 3717bcafe138127143c62d0dee487defbe451a3c818f98f5e8c9d0f43bbd6e96
Size: 1.8MB
MD5: ef0fa837326628bff5da076ad75a562a
SHA1: e6647ac7c03b9820b2cb23ab174caf4562c3ba59
SHA256: 3717bcafe138127143c62d0dee487defbe451a3c818f98f5e8c9d0f43bbd6e96
SHA512: c38c80dd206177e6cc6b12a857b06d500c0a3564bf28ce617ef200b2ac4a16fefb32bfe38babb6870190f89ebec24b2dc733070be82af8998db6bb5eae5fd4fc

Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Drops desktop.ini file(s)
Suspicious use of SetThreadContext