General
-
Target
DAZ Studio Professional 4.15.0.30 x64c.exe
-
Size
536KB
-
Sample
211202-cmkynaabbn
-
MD5
6485a104cfdf2d8e847f3116347736a6
-
SHA1
17d5e7d32055ed9c98de05b9f14c9ae2cb573fcc
-
SHA256
43017a60a99ab0a9ac4ac4087b4d25ff4263e5bae796f4979d777395ae09e67b
-
SHA512
0ff04031a776e5beb8062bc6483f265f5e043b44d760320b2052a7ce98d6b3181cd7e1f4c69374e9af4a9397a48c83c95d61aee733c03a8d2ef1acafe454ac8c
Static task
static1
Behavioral task
behavioral1
Sample
DAZ Studio Professional 4.15.0.30 x64c.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
DAZ Studio Professional 4.15.0.30 x64c.exe
Resource
win10-en-20211014
Malware Config
Extracted
darkcomet
DAZ Studio Professional 4.15.0.30 x64
clientts.ddns.net:1604
DCMIN_MUTEX-7VA997K
-
gencode
iVpp885bSBQY
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Target
DAZ Studio Professional 4.15.0.30 x64c.exe
-
Modifies WinLogon for persistence
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-