General
-
Target
d88bad0f1a938e055eadf40c9ddb6f0dd5789d4ca5642a0a0c8e6a7d9a49de86
-
Size
504KB
-
Sample
221020-zy4w8segf6
-
MD5
7a5698e0bc76ac2e921412bce02786c6
-
SHA1
228356a7b227976ac7e3d9fa3e2f13d57500bd07
-
SHA256
d88bad0f1a938e055eadf40c9ddb6f0dd5789d4ca5642a0a0c8e6a7d9a49de86
-
SHA512
43261b3ef4b150dc01ec1861e00151354debaea75dd1b072f4d496f0f8650fd80c708fcbe58b3ae4541b9a90b4716a2598fa9a2121ceca171bfef82e63d308e5
-
SSDEEP
12288:Y+1nKgOYslht78fQSin4L3b82VvwYiKcvSp3fqn8Z8tMA:V1KNvOu4L3b821wYiKcvS5fqn5MA
Static task
static1
Behavioral task
behavioral1
Sample
d88bad0f1a938e055eadf40c9ddb6f0dd5789d4ca5642a0a0c8e6a7d9a49de86.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d88bad0f1a938e055eadf40c9ddb6f0dd5789d4ca5642a0a0c8e6a7d9a49de86.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
slaves
kane247.zapto.org:6250
DC_MUTEX-VFAWT91
-
gencode
w3iK1LViyC0N
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-