General
Target: setup.exe
Size: 634KB
Sample: 211202-b5mpjadae5
MD5: a5a31f043f4e293e2760ccb4f209451e
SHA1: 81ca6f4f16e8968e789332a6f3a6bf6847ed5fd5
SHA256: 18f6743a982938fa45f0505b542d114a803e1246cb93382f71cf3b5598f3e986
SHA512: 19205650a46d3db2eb02ceb060da1297b6b774fa1f08aa3f93e9ed251733bb73094f915e2e68b438364b68a02a5102d9cc83ad890ddafc6a0413adf71fa61ecc

Static task: static1

Behavioral task: behavioral1
Sample: setup.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: setup.exe
Resource: win10-en-20211104

Malware Config (extracted)
Family: darkcomet
Campaign: dobe Photoshop 2022
C2: clientts.ddns.net:1604
Mutex: DCMIN_MUTEX-AXQ2YN9
gencode: 6dlKzQlMJ5u3
install: false
offline_keylogger: true
persistence: false
Targets
Target: setup.exe (634KB; hashes as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext