General
Target: a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8
Size: 1.4MB
Sample: 221122-y5bctsbc41
MD5: dc07030af6c807db6ffcb1eea9805846
SHA1: 03a4f4daad133a8c3b1fd8297317df194a4d9184
SHA256: a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8
SHA512: 91127b471c7620028dbbd220c6f7706a856827097158656b609a6cab5b10e553b9afff4f1bc3754e88bf4fc857e139e673e71d0a9fb2ba9a0c5216a69a2d2d15
SSDEEP: 24576:x3Oqr/iK/TH5yHTtqaw/Kf9hoWSXBMo0xZUEKLolSuWDyDf02g+I7LEn/XD:9trKK/TH5yHTtqaOKfjVdo0tlRWDAk3Q
Static task: static1

Behavioral task: behavioral1
Sample: a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: darkcomet
Bot: sallad.chickenkiller.com:9331
Mutex: DC_MUTEX-NTQ979W
gencode: 3ngHr6j4cxcy
install: false
offline_keylogger: true
persistence: false
Targets
Target: a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8
Size: 1.4MB
MD5: dc07030af6c807db6ffcb1eea9805846
SHA1: 03a4f4daad133a8c3b1fd8297317df194a4d9184
SHA256: a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8
SHA512: 91127b471c7620028dbbd220c6f7706a856827097158656b609a6cab5b10e553b9afff4f1bc3754e88bf4fc857e139e673e71d0a9fb2ba9a0c5216a69a2d2d15
SSDEEP: 24576:x3Oqr/iK/TH5yHTtqaw/Kf9hoWSXBMo0xZUEKLolSuWDyDf02g+I7LEn/XD:9trKK/TH5yHTtqaOKfjVdo0tlRWDAk3Q
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext