General
Target: afa9995e84e0b5c5fba66b6038b6feb45ded7d807e6b55fd84f0f9303c29a706
Size: 796KB
Sample: 221001-28effacfgp
MD5: 6534e848ca264321e6c4d956678179a4
SHA1: 600cf511423442a5be1dd170438277c5f8575301
SHA256: afa9995e84e0b5c5fba66b6038b6feb45ded7d807e6b55fd84f0f9303c29a706
SHA512: 87532af0711ce2dcaf7765b635a17322ae6af11448cb422e648df49941184a9bbff49beb995c594e620b6ede570afda9f5ab3ae84a453da560acb77c0cc001bc
SSDEEP: 24576:9T6pyJfnwuKuwq4IaUSDFHCtG37VAt9qTe5YEhwCEc:9Gp0z5jSDFHC3toTe57wCEc
Static task: static1
Behavioral task: behavioral1
  Sample: afa9995e84e0b5c5fba66b6038b6feb45ded7d807e6b55fd84f0f9303c29a706.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: afa9995e84e0b5c5fba66b6038b6feb45ded7d807e6b55fd84f0f9303c29a706.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
Guest16
faqstank.no-ip.biz:1604
DC_MUTEX-BL1A8HM
gencode: uYo9tkQSNJyE
install: false
offline_keylogger: true
persistence: false
Targets
Target: afa9995e84e0b5c5fba66b6038b6feb45ded7d807e6b55fd84f0f9303c29a706
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext