General
Target: 604e4247761d68d1440d9fbabdb850dad0ac645b509dfa549dcae6f62d3369fb
Size: 607KB
Sample: 220731-ghy2yabdf6
MD5: 7c61ea274ae16be5b9ee69e74324a783
SHA1: 4889fa1788ffbdb1ae885ae0abae0faccf27a60c
SHA256: 604e4247761d68d1440d9fbabdb850dad0ac645b509dfa549dcae6f62d3369fb
SHA512: 042bb546db30a104568bea2696babb046e57211a0f1015a27f4bfb132464a6b6de2af4f089701947df2f5fc4bd1272b1543841014e8af926ace829e51f9ab4d8
Static task: static1
Behavioral task: behavioral1
Sample: 604e4247761d68d1440d9fbabdb850dad0ac645b509dfa549dcae6f62d3369fb.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 604e4247761d68d1440d9fbabdb850dad0ac645b509dfa549dcae6f62d3369fb.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted: darkcomet (Oct 2018)
C2 (host:port):
bonding79.ddns.net:3317
william1979.ddns.net:3317
mathkros79.ddns.net:3317
engine79.ddns.net:3317
chrisle79.ddns.net:3317
jacknop79.ddns.net:3317
smath79.ddns.net:3317
whatis79.ddns.net:3317
goodgt79.ddns.net:3317
mutex: DC_MUTEX-VRTY2MN
gencode: 2tLRABzhUVbg
install: false
offline_keylogger: true
password: Password20$
persistence: false
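The extracted config above is the most directly actionable part of the report: nine dynamic-DNS hostnames on one port, a mutex name, and the operator's connection password. The following is an added example, not Triage's extractor and not DarkComet code. It parses the config exactly as it is laid out on this page (CONFIG_TEXT is a constructed copy of the block), turns it into a structured indicator set, and emits one Suricata DNS-query rule per hostname. The rule syntax and SID range are assumptions about how you would consume the indicators; the report does not state them. Because every C2 is under ddns.net, the resolved IPs will churn and blocking the ddns.net apex would hit legitimate traffic, so the rules pin the exact hostname with bsize and the mutex is kept as a host-side indicator.

```python
"""Turn the DarkComet config on this page into hunting indicators.

Added example (not Triage's extractor and not DarkComet code). CONFIG_TEXT is a
constructed copy of the Malware Config block above; the Suricata rule text and
SID range are assumptions, not something the report states.
"""
import re
from dataclasses import dataclass, field

CONFIG_TEXT = """\
darkcomet
Oct 2018
bonding79.ddns.net:3317
william1979.ddns.net:3317
mathkros79.ddns.net:3317
engine79.ddns.net:3317
chrisle79.ddns.net:3317
jacknop79.ddns.net:3317
smath79.ddns.net:3317
whatis79.ddns.net:3317
goodgt79.ddns.net:3317
DC_MUTEX-VRTY2MN
gencode
2tLRABzhUVbg
install
false
offline_keylogger
true
password
Password20$
persistence
false
"""

HOST_PORT = re.compile(r"^(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})$")
# key/value attributes rendered as two consecutive lines in the report
ATTR_KEYS = {"gencode", "install", "offline_keylogger", "password", "persistence"}


@dataclass
class DarkCometConfig:
    family: str
    version: str
    c2: list = field(default_factory=list)   # (host, port) tuples, report order
    mutex: str = ""
    attrs: dict = field(default_factory=dict)


def parse_config(text):
    """Parse the flattened report layout: family, version, host:port lines,
    the DC_MUTEX-* line, then key/value pairs on alternating lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]   # "-" separators are page residue
    cfg = DarkCometConfig(family=lines[0], version=lines[1])
    i = 2
    while i < len(lines):
        ln = lines[i]
        m = HOST_PORT.match(ln)
        if ln in ATTR_KEYS and i + 1 < len(lines):
            # consume the value unconditionally so a password that happens to
            # look like host:port is never mistaken for a C2 entry
            val = lines[i + 1]
            cfg.attrs[ln] = (val.lower() == "true") if val.lower() in ("true", "false") else val
            i += 2
        elif m:
            cfg.c2.append((m["host"].lower(), int(m["port"])))
            i += 1
        elif ln.startswith("DC_MUTEX-"):
            cfg.mutex = ln
            i += 1
        else:
            raise ValueError(f"unrecognised config line: {ln!r}")
    return cfg


def suricata_dns_rules(cfg, base_sid=9000001):
    """One DNS-query rule per distinct C2 hostname. bsize pins the exact name so
    the rule does not fire on every *.ddns.net lookup."""
    rules = []
    for n, host in enumerate(sorted({h for h, _ in cfg.c2})):
        rules.append(
            f'alert dns any any -> any any (msg:"DarkComet C2 DNS query {host}"; '
            f'dns.query; content:"{host}"; nocase; bsize:{len(host)}; '
            f'classtype:trojan-activity; sid:{base_sid + n}; rev:1;)'
        )
    return rules


def iocs(cfg):
    """Flat indicator set for a blocklist or a SIEM watchlist."""
    return {
        "domains": sorted({h for h, _ in cfg.c2}),
        "ports": sorted({p for _, p in cfg.c2}),
        "mutex": cfg.mutex,
        "offline_keylogger": cfg.attrs.get("offline_keylogger", False),
    }


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(iocs(cfg))
    print("\n".join(suricata_dns_rules(cfg)))
```

Note that install and persistence are both false in the extracted config while the behavioral run still flagged a Winlogon change, so treat the config attributes as what the builder was told, not as proof of what the sample did on the host.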
Targets
Target: 604e4247761d68d1440d9fbabdb850dad0ac645b509dfa549dcae6f62d3369fb
Size: 607KB
MD5: 7c61ea274ae16be5b9ee69e74324a783
SHA1: 4889fa1788ffbdb1ae885ae0abae0faccf27a60c
SHA256: 604e4247761d68d1440d9fbabdb850dad0ac645b509dfa549dcae6f62d3369fb
SHA512: 042bb546db30a104568bea2696babb046e57211a0f1015a27f4bfb132464a6b6de2af4f089701947df2f5fc4bd1272b1543841014e8af926ace829e51f9ab4d8
Score: 10/10
Signatures:
Modifies WinLogon for persistence (the extracted config reports persistence false, so the Winlogon change observed at runtime is worth verifying on any affected host)
Suspicious use of SetThreadContext (an API used to redirect a suspended thread, consistent with code injection into another process)
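The "Modifies WinLogon for persistence" signature says a Winlogon value was written but not which one. As an added example (not the sandbox's own signature logic), the script below checks a host offline from the text output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"`. It assumes the two values most commonly abused for this technique, Shell and Userinit, and that the Windows directory is %SystemRoot% or <drive>:\Windows; SAMPLE_DIRTY and SAMPLE_CLEAN are constructed dumps, not output captured from this sample.

```python
"""Offline check of the Winlogon values most often abused for persistence.

Added example, not the sandbox's own signature logic. Input is the text output of
  reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
taken from the affected host. SAMPLE_DIRTY and SAMPLE_CLEAN are constructed dumps.
Assumptions: only Shell and Userinit are checked, and the Windows directory is
%SystemRoot% or <drive>:\Windows.
"""
import re

SAMPLE_DIRTY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell    REG_DWORD    0x1
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\Public\wuauclt.exe
"""

SAMPLE_CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""

# reg query prints each value as: <indent><name><spaces><REG_type><spaces><data>
VALUE_LINE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

# the only Userinit entry a default install carries (compared lower-cased)
USERINIT_OK = re.compile(r"(?:[a-z]:\\windows\\|%systemroot%\\)system32\\userinit\.exe")


def parse_reg_query(text):
    """Map value name -> (type, data) from reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m["name"]] = (m["type"], m["data"].strip())
    return values


def _entries(data):
    """Split a comma-separated Winlogon value into lower-cased, unquoted entries."""
    return [e.strip().strip('"').lower() for e in data.split(",") if e.strip()]


def _expected(value_name, entry):
    if value_name == "shell":
        # a full path here (even ...\explorer.exe) means the shell was redirected
        return entry == "explorer.exe"
    if value_name == "userinit":
        return USERINIT_OK.fullmatch(entry) is not None
    return True


def winlogon_findings(values):
    """Return (value name, entry, reason) for every entry that is not the default.
    A missing Shell/Userinit value is reported too: reg query omits values that
    have been deleted, and a default install always carries both."""
    findings = []
    present = {n.lower(): n for n in values}
    for wanted in ("Shell", "Userinit"):
        name = present.get(wanted.lower())
        if name is None:
            findings.append((wanted, "", "value missing"))
            continue
        entries = _entries(values[name][1])
        for e in entries:
            if not _expected(wanted.lower(), e):
                findings.append((name, e, "unexpected entry"))
        if not any(_expected(wanted.lower(), e) for e in entries):
            findings.append((name, values[name][1], "default entry replaced"))
    return findings


if __name__ == "__main__":
    for finding in winlogon_findings(parse_reg_query(SAMPLE_DIRTY)):
        print(finding)
```

Run it against a dump from the suspect host rather than from a sandbox: Winlogon values are per-machine, and an attacker who appends to Userinit (as in SAMPLE_DIRTY) leaves the legitimate entry in place, so only an entry-by-entry comparison catches it.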