Overview

overview

10

Static

static

10

fcc9b4d2be...ba.exe

windows7-x64

5

fcc9b4d2be...ba.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fcc9b4d2bea344d050308e8f2888687e5f35fd060e62c4d23a22f5d252629cba

  • Size

    658KB

  • Sample

    221107-tfelqshafj

  • MD5

    04a7d97baaafd5cc3242e93e37e26180

  • SHA1

    039574dbafa822d9f65767450cfd267685d0c2c0

  • SHA256

    fcc9b4d2bea344d050308e8f2888687e5f35fd060e62c4d23a22f5d252629cba

  • SHA512

    4c7cb58abb607b074548e915ce1b5a7dbb87a7d81f7c5e5b2dd9bd93e49ace808d8a90043f3c34d4dae03dc6ee6a288626eca2468af941e35bfc73196c1ba348

  • SSDEEP

    12288:C9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hV:uZ1xuVVjfFoynPaVBUR8f+kN10EB3

Score
10/10
darkcometkz

Malware Config

Extracted

Family

darkcomet

Botnet

KZ

C2

xfservers.no-ip.biz:1604

Mutex

KZSERVERS

Attributes
  • gencode

    hJrScb9UtcHp

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      fcc9b4d2bea344d050308e8f2888687e5f35fd060e62c4d23a22f5d252629cba

    • Size

      658KB

    • MD5

      04a7d97baaafd5cc3242e93e37e26180

    • SHA1

      039574dbafa822d9f65767450cfd267685d0c2c0

    • SHA256

      fcc9b4d2bea344d050308e8f2888687e5f35fd060e62c4d23a22f5d252629cba

    • SHA512

      4c7cb58abb607b074548e915ce1b5a7dbb87a7d81f7c5e5b2dd9bd93e49ace808d8a90043f3c34d4dae03dc6ee6a288626eca2468af941e35bfc73196c1ba348

    • SSDEEP

      12288:C9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hV:uZ1xuVVjfFoynPaVBUR8f+kN10EB3

    Score
    5/10

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks