General
Target: 4f219da44b514bfada90bfbb1caed5d086d8b7ed6b7379fee258df8bfd0d4569
Size: 1.2MB
Sample: 221003-bnle5sacg7
MD5: 6bddfd1454aeee52c045efb156e578bf
SHA1: ba412157a92991ab03ff68b4fba85555574246b3
SHA256: 4f219da44b514bfada90bfbb1caed5d086d8b7ed6b7379fee258df8bfd0d4569
SHA512: a9c7d882f28b2eba11624dcc5429fcb7c0b66ff8eff65d8432324223395808ab5b0f48609a395bc4b8d68c454d4ae11d06a7219b6bf8157438691fc668e53f16
SSDEEP: 12288:vdgJBDDTA5PXjfMKSUVqRqN68vt/ijPanZnmqNXeS1LBjNwooq6rlwpUrvqu7QA/:
Static task: static1
Behavioral task: behavioral1
Sample: 4f219da44b514bfada90bfbb1caed5d086d8b7ed6b7379fee258df8bfd0d4569.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4f219da44b514bfada90bfbb1caed5d086d8b7ed6b7379fee258df8bfd0d4569.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: fisheraccount.no-ip.biz:1010
C2: 127.0.0.1:1010
Mutex: DC_MUTEX-UU0RBGL
Attributes:
- gencode: GCnBDj5icbfH
- install: false
- offline_keylogger: true
- persistence: false
Targets
Target: 4f219da44b514bfada90bfbb1caed5d086d8b7ed6b7379fee258df8bfd0d4569
Score: 10/10
Signatures:
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext