General
Target: 564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa
Size: 1.7MB
Sample: 221123-m8fwyabc4s
MD5: a0e4381250de28e795b8b0c3148e5620
SHA1: 0bc879670e1d9c0400405d1c3dd1f933689e781b
SHA256: 564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa
SHA512: eba0fe53b053674ecd4b4e57aecb52b2d1d973bcb71c6d5e3f4207e7b8730b2a4fc23323e1559c696bdce06c0c365c4110e14c7ac41807fb8b82ec15515e9056
SSDEEP: 49152:skwkn9IMHeaS7hi0TdX+PouMOskjALaPCS:HdnVCtdCouwkjA2PC
Static task: static1

Behavioral task: behavioral1
Sample: 564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
Guest16
tragicdux.chickenkiller.com:3175
DC_MUTEX-L9H93A3
gencode: 1L4pelzQX7xS
install: false
offline_keylogger: true
persistence: false
Targets
Score: 10/10
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- AutoIT Executable (AutoIT scripts compiled to PE executables.)
- Suspicious use of SetThreadContext