General
Target: Setup\setup.exe
Size: 438KB
Sample: 211202-erba5aebf3
MD5: 7bc24f41ed99371db121f254bb976b1b
SHA1: 97cd932ad75d50fa233f113361eac0250d162851
SHA256: eeca48eaa6357bdda81be1ed1809f67a4bd3cf6d34e161a5d0852072163ee6b1
SHA512: a6d401cf4811be012212462f83ed72d612c4aff80fbcdef8fa20d582011f04d9207f60f17f3b8b77951313614d9914e694a8d6a466848af3bf81d94d37aa7552
Static task: static1
Behavioral task: behavioral1 (Sample: Setup\setup.exe; Resource: win7-en-20211104)
Behavioral task: behavioral2 (Sample: Setup\setup.exe; Resource: win10-en-20211014)
Malware Config
Extracted
Family: darkcomet
Botnet (campaign ID): Pixologic ZBrush v2022.0.1
C2: clientts.ddns.net:1604 (a dynamic-DNS hostname; the IP it resolves to is only meaningful at the time of analysis, so pivot on the hostname rather than an address)
Mutex: DCMIN_MUTEX-WDFEVZX
Attributes:
- gencode: Efa3b9ZfkSe7
- install: false
- offline_keylogger: true
- persistence: false
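The extracted config above is only useful once it is turned into something you can match against endpoint telemetry. The following is an added example written for this report (it is not Triage's code and nothing from the sample itself): it normalises the config into IOCs, splits the C2 into host and port, checks a local file against the report's hashes, and runs the IOCs over a few constructed, Sysmon-like events. The "botnet" label for the unlabelled "Pixologic ZBrush v2022.0.1" string is an assumption (DarkComet's campaign/SID field), and every event record below is invented for the example.

```python
"""Extracted DarkComet config -> matchable IOCs -> hits over endpoint events.

Added example for this report, not Triage's or the sample's code. The 'botnet'
label is assumed (DarkComet campaign/SID field); the EVENTS below are made up.
"""
import hashlib
from dataclasses import dataclass

# Values copied from the report. 'gencode' is a builder artefact that is not
# observable on an endpoint, so it is carried but never matched.
REPORT_CONFIG = {
    "family": "darkcomet",
    "botnet": "Pixologic ZBrush v2022.0.1",   # label assumed, see docstring
    "c2": "clientts.ddns.net:1604",
    "mutex": "DCMIN_MUTEX-WDFEVZX",
    "gencode": "Efa3b9ZfkSe7",
    "install": "false",
    "offline_keylogger": "true",
    "persistence": "false",
}

REPORT_HASHES = {
    "md5": "7bc24f41ed99371db121f254bb976b1b",
    "sha1": "97cd932ad75d50fa233f113361eac0250d162851",
    "sha256": "eeca48eaa6357bdda81be1ed1809f67a4bd3cf6d34e161a5d0852072163ee6b1",
    "sha512": "a6d401cf4811be012212462f83ed72d612c4aff80fbcdef8fa20d582011f04d9"
              "207f60f17f3b8b77951313614d9914e694a8d6a466848af3bf81d94d37aa7552",
}


@dataclass(frozen=True)
class DarkCometIOCs:
    c2_host: str
    c2_port: int
    mutex: str
    botnet: str
    install: bool
    offline_keylogger: bool
    persistence: bool


def _flag(value: str) -> bool:
    """The report renders booleans as the strings 'true'/'false'."""
    if value.lower() not in ("true", "false"):
        raise ValueError(f"not a boolean flag: {value!r}")
    return value.lower() == "true"


def parse_config(cfg: dict) -> DarkCometIOCs:
    """Split 'host:port' and normalise flags; the host is lower-cased so
    later comparisons against DNS/network events are case-insensitive."""
    host, sep, port = cfg["c2"].rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"C2 is not host:port: {cfg['c2']!r}")
    return DarkCometIOCs(
        c2_host=host.lower(), c2_port=int(port), mutex=cfg["mutex"],
        botnet=cfg["botnet"], install=_flag(cfg["install"]),
        offline_keylogger=_flag(cfg["offline_keylogger"]),
        persistence=_flag(cfg["persistence"]),
    )


def matches_report_hashes(data: bytes) -> bool:
    """True only if every digest of `data` equals the report's value: the
    check to run before assuming a local file is this exact sample."""
    return all(hashlib.new(algo, data).hexdigest() == digest
               for algo, digest in REPORT_HASHES.items())


# Constructed, Sysmon-like events (DNS query, network connect, mutex create).
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
EVENTS = [
    {"type": "dns", "image": r"C:\Users\user\Setup\setup.exe",
     "query": "CLIENTTS.ddns.net"},
    {"type": "network", "image": VBC,
     "dst_host": "clientts.ddns.net", "dst_port": 1604},
    {"type": "mutex", "image": VBC, "name": "DCMIN_MUTEX-WDFEVZX"},
    {"type": "network", "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "dst_host": "clientts.ddns.net", "dst_port": 443},   # host only: no hit
    {"type": "mutex", "image": r"C:\Windows\explorer.exe",
     "name": "DCMIN_MUTEX-ABCDEFG"},                       # family-wide prefix
]


def match_events(iocs: DarkCometIOCs, events: list) -> list:
    """Return (reason, image) pairs. A DNS query matches on host alone (no
    port is known yet); a connect needs host AND port so that unrelated
    traffic to a shared dynamic-DNS host is not flagged. The mutex is an
    exact match; the DCMIN_MUTEX- prefix is reported as a family-level hit."""
    hits = []
    for e in events:
        if e["type"] == "dns" and e["query"].lower() == iocs.c2_host:
            hits.append(("c2-dns", e["image"]))
        elif (e["type"] == "network" and e["dst_host"].lower() == iocs.c2_host
              and e["dst_port"] == iocs.c2_port):
            hits.append(("c2-connect", e["image"]))
        elif e["type"] == "mutex":
            if e["name"] == iocs.mutex:
                hits.append(("sample-mutex", e["image"]))
            elif e["name"].startswith("DCMIN_MUTEX-"):
                hits.append(("darkcomet-family-mutex", e["image"]))
    return hits


if __name__ == "__main__":
    for reason, image in match_events(parse_config(REPORT_CONFIG), EVENTS):
        print(f"{reason:24} {image}")
```

Two of the constructed events are there on purpose: the Chrome connection to the C2 host on port 443 is not flagged, because only host-plus-port is treated as a C2 hit, and the explorer.exe mutex with a different suffix is surfaced as a family-level match rather than as this sample.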
Targets
Target: Setup\setup.exe (438KB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Signatures:
- Modifies WinLogon for persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
Note: the behavioral run flagged a Winlogon modification even though the extracted config has install and persistence set to false. Those flags are the DarkComet builder's own options; the Winlogon change may be made by the loader stage rather than by the RAT payload, so persistence=false in the config should not be read as "no persistence was installed on the host".