General
Target: 63dbc8dfdbca1ea99a1e446b403af0cbfc637f03f201fe5b8acd45d45630d412
Size: 389KB
Sample: 221120-khpp2shg4v
MD5: 250a1a4c32feba7e2148f4e6048b8350
SHA1: 70e2397aac72b94ced3f1f80107e2406adeebafa
SHA256: 63dbc8dfdbca1ea99a1e446b403af0cbfc637f03f201fe5b8acd45d45630d412
SHA512: 39a39305dc914bd1c61c9ef6f2a8f6e52a264d7adfcc02dd42b0cf1c714609e7febf9ed7461dc2c7be37f0e56954d043f9698146486a094440ffd20696769ee5
SSDEEP: 12288:oMtmhGDx90PfxPeYBKAjYh7RnFysc93nAK:lx92evnyXOK
Static task: static1
Behavioral task: behavioral1
Sample: 63dbc8dfdbca1ea99a1e446b403af0cbfc637f03f201fe5b8acd45d45630d412.exe
Resource: win7-20220901-en
Malware Config
Extracted
darkcomet
Zombie
y29kzv93yxjfnta5.no-ip.org:500
DC_MUTEX-KB194P8
gencode: ywG7u7LU1KaH
install: false
offline_keylogger: true
persistence: false
Targets
Target: 63dbc8dfdbca1ea99a1e446b403af0cbfc637f03f201fe5b8acd45d45630d412
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext