General
Target: f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a
Size: 897KB
Sample: 220508-jg31lsecfp
MD5: d0509752639a169c3ac9dbc1c09a6c28
SHA1: d78582955c93852db3633806c7b03eea77640043
SHA256: f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a
SHA512: 606059db06b057d8b4bf4a1555e80e00bf410605875c4926541e64da5f3cd318169a065701f18c92bacfe544f0b97f5aa2b3444e4b41f8d173a8f14326b1ae56
Static task: static1
Behavioral task: behavioral1
  Sample: f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Family: darkcomet
  Botnet: Update
  C2: sosomelaine.ddns.net:1604
  Mutex: DC_MUTEX-8YW07F7
  Attributes:
    gencode: yNpsss59r5Df
    install: false
    offline_keylogger: true
    password: amiga1200
    persistence: false
Targets
Target: f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a
Size: 897KB
MD5: d0509752639a169c3ac9dbc1c09a6c28
SHA1: d78582955c93852db3633806c7b03eea77640043
SHA256: f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a
SHA512: 606059db06b057d8b4bf4a1555e80e00bf410605875c4926541e64da5f3cd318169a065701f18c92bacfe544f0b97f5aa2b3444e4b41f8d173a8f14326b1ae56
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext