General
-
Target
31fbb03d31e7795ab6fa95dd2045876f516e4f6043c2d5209b56e2bd8483825f
-
Size
1.4MB
-
Sample
221002-k288sshhek
-
MD5
6c4fd4892b2f680e75cd06a2b7c8a345
-
SHA1
9b7b0ae22cfd2d85aa27a43d65570c09a55dc6ff
-
SHA256
31fbb03d31e7795ab6fa95dd2045876f516e4f6043c2d5209b56e2bd8483825f
-
SHA512
51705859290dd981ce533cd7c21895e18b0ebef7995e0c3a8edb331e5350796d0c95d187cf50085e88e9f31d323f2582747b13e7793450b266c6cd1600a5a381
-
SSDEEP
24576:ZhqU/8O55m4/bK4XuNGLBGAxBFuRm5zxlpUey0gf58Cnu/+KI5fwHko1tK/FIIbM:ZhqU/T55m4+Lams5ILDskorKWN
Static task
static1
Behavioral task
behavioral1
Sample
31fbb03d31e7795ab6fa95dd2045876f516e4f6043c2d5209b56e2bd8483825f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
31fbb03d31e7795ab6fa95dd2045876f516e4f6043c2d5209b56e2bd8483825f.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
HF
cyber-dos.no-ip.org:1337
DC_MUTEX-12KVRY9
-
gencode
THybCZwopUiG
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
31fbb03d31e7795ab6fa95dd2045876f516e4f6043c2d5209b56e2bd8483825f
-
Size
1.4MB
-
MD5
6c4fd4892b2f680e75cd06a2b7c8a345
-
SHA1
9b7b0ae22cfd2d85aa27a43d65570c09a55dc6ff
-
SHA256
31fbb03d31e7795ab6fa95dd2045876f516e4f6043c2d5209b56e2bd8483825f
-
SHA512
51705859290dd981ce533cd7c21895e18b0ebef7995e0c3a8edb331e5350796d0c95d187cf50085e88e9f31d323f2582747b13e7793450b266c6cd1600a5a381
-
SSDEEP
24576:ZhqU/8O55m4/bK4XuNGLBGAxBFuRm5zxlpUey0gf58Cnu/+KI5fwHko1tK/FIIbM:ZhqU/T55m4+Lams5ILDskorKWN
Score10/10-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-