General
-
Target
fdee650f22746686231a8142ad92929b9bcfa416c1aae9d04eca58bbe06ed5d9
-
Size
1.3MB
-
Sample
221003-njm5dsdgdm
-
MD5
612cfad8f0d3302e111d8f37889f4545
-
SHA1
4922d1c323be689169817b290c0067a6d30dab7d
-
SHA256
fdee650f22746686231a8142ad92929b9bcfa416c1aae9d04eca58bbe06ed5d9
-
SHA512
df2eb94a9c84f737fd643609fb304b284635807e99e8f74f2fc584ea841e30eff63c19c1fe9a41b6b851e2f162bbdf97cb2c53ff36c9e5e1cd493cb3b798bafb
-
SSDEEP
24576:iRmJkcoQricOIQxiZY1iaoH7vOngV2TRH2rLp6/ANE+fAGBe/CvZo8:3JZoQrbTFZY1iaoH7GgV2NHLyAGw/Cvb
Static task
static1
Behavioral task
behavioral1
Sample
fdee650f22746686231a8142ad92929b9bcfa416c1aae9d04eca58bbe06ed5d9.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
Tibia
nyffernipt.no-ip.org:93
DC_MUTEX-5LTW17T
-
gencode
VArimZEWLPrV
-
install
false
-
offline_keylogger
true
-
password
thiago3000
-
persistence
false
Targets
-
-
Target
fdee650f22746686231a8142ad92929b9bcfa416c1aae9d04eca58bbe06ed5d9
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-