General
Target: 5bc54b6f81569e630733498ac48acabc57a1ccdeab90ebe18ee10ae98e18a035
Size: 557KB
Sample: 220801-t8y6vadec9
MD5: 8124c9f099c9f63e5c74e50ce88a20f9
SHA1: 8d303d6c8cf8657591c3ef54091ab40ab5040216
SHA256: 5bc54b6f81569e630733498ac48acabc57a1ccdeab90ebe18ee10ae98e18a035
SHA512: 3e767055fcfd00dba37132acbd6a3aa59c89b11ec275308539fce792c7a4c179b7d7b23a04d75b636b065bd3aa7b3d83d3f1e74825c2ab3a69d47e7abed117ce
Static task: static1
Behavioral task: behavioral1
Sample: 5bc54b6f81569e630733498ac48acabc57a1ccdeab90ebe18ee10ae98e18a035.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 5bc54b6f81569e630733498ac48acabc57a1ccdeab90ebe18ee10ae98e18a035.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
darkcomet
MOTHER_RUSSIA1337
78.241.110.19:1604
DCMIN_MUTEX-59CFP7U
gencode: L8HhMWNoUZAv
install: false
offline_keylogger: true
persistence: false
Targets
Uses the VBS compiler for execution
Adds Run key to start application
Drops desktop.ini file(s)
Suspicious use of SetThreadContext