Behavioral task: behavioral1
Sample: 1984-72-0x0000000000400000-0x00000000004B7000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1984-72-0x0000000000400000-0x00000000004B7000-memory.exe
Resource: win10v2004-20220901-en
General
Target: 1984-72-0x0000000000400000-0x00000000004B7000-memory.dmp
Size: 732KB
MD5: 75b8c91aa6ae0c68f12762eb64555a85
SHA1: 8a889f97704d9ce6df56df278f34770d79e28d9f
SHA256: 53cd6732529bb22351cddece49411e8b9ac83aea1824e128c3d149f8301ea9f7
SHA512: da9124f76c04498a7e3077f05c6a361afe8061dedfa2cb9b12c125a8fd85bf9559a5e87c743b327381526ff293e3e7da964abeff18acc840775d7a1539855337
SSDEEP: 12288:5cH9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9EkNC/Sh:6Z1xuVVjfFoynPaVBUR8f+kN10Ed
Malware Config
Extracted
darkcomet
New-July-July4-0
45.74.4.244:35800
DC_MUTEX-RT27KF0
gencode: cKUHbX2GsGhs
install: false
offline_keylogger: true
password: hhhhhh
persistence: false
Signatures
Files
1984-72-0x0000000000400000-0x00000000004B7000-memory.dmp.exe windows x86
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_BYTES_REVERSED_LO
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 476KB
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
UPX1 Size: 246KB - Virtual size: 248KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE