General
Target: 13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed
Size: 1.4MB
Sample: 221123-s65p6sdb94
MD5: cc010a9788fb94a30ffc7e7ce3572c74
SHA1: ef63edaecff71c8ca3aa3f3be5ceb1a18bd38672
SHA256: 13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed
SHA512: fcbcc4efd16561411349e55e3461064ac642910053ecd30459cb4bc27895b3736616fd57600f82343a0597a62a002fcd68c6b77336954f104324b05e3f623fc3
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaHfPFt+j/KIprM8KJGVG18XRjypuVPAZNbz:7JZoQrbTFZY1iaHfttw/RMNkWOR+AVPO
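Before running a sample in a lab, confirm that the file on disk is the one this report describes. The helper below is an added example, not part of the sandbox report: it hashes a file once with all four digest algorithms quoted above and reports every disagreement, so a file that matches only MD5 (a collision or a swapped artifact) is still rejected. The constants are the report's digests; the `verify_file` entry point and the constructed test inputs are assumptions of this example.

```python
import hashlib
import io

# Digests quoted from the report above for target 13509a38...933ed.
REPORT_DIGESTS = {
    "md5": "cc010a9788fb94a30ffc7e7ce3572c74",
    "sha1": "ef63edaecff71c8ca3aa3f3be5ceb1a18bd38672",
    "sha256": "13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed",
    "sha512": "fcbcc4efd16561411349e55e3461064ac642910053ecd30459cb4bc27895b3736616fd57600f82343a0597a62a002fcd68c6b77336954f104324b05e3f623fc3",
}


def digest_stream(stream, algorithms=("md5", "sha1", "sha256", "sha512"), chunk_size=1 << 20):
    """Hash a binary stream with every algorithm in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, **kwargs):
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return digest_stream(io.BytesIO(data), **kwargs)


def verify_digests(computed, expected):
    """Compare computed digests against the report's values.

    Returns (ok, mismatches); mismatches maps algorithm -> (expected, computed)
    for every algorithm that disagrees or was not computed. All algorithms must
    match: a partial match is treated as a failure, not a near miss.
    """
    mismatches = {}
    for name, want in expected.items():
        got = computed.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (want.lower(), got)
    return (not mismatches, mismatches)


def verify_file(path, expected=REPORT_DIGESTS):
    """Hash the file at `path` and check it against the report's digests."""
    with open(path, "rb") as fh:
        return verify_digests(digest_stream(fh, tuple(expected)), expected)


if __name__ == "__main__":
    import sys
    ok, bad = verify_file(sys.argv[1])
    print("MATCH" if ok else f"MISMATCH: {bad}")
```

Run it as `python verify.py <sample.exe>`; anything other than MATCH means the artifact is not the one analysed here and the rest of this report does not apply to it. SSDEEP is deliberately not checked: fuzzy hashes are for finding related samples, not for confirming identity.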
Static task
static1
Behavioral task
behavioral1
Sample: 13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed.exe
Resource: win7-20220812-en
Behavioral task
behavioral2
Sample: 13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: darkcomet
ID: Sept
C2: daynasmithx.ddns.net:100
Mutex: DCMIN_MUTEX-HFVU8P5
gencode: cehBMBEe408f
install: false
offline_keylogger: true
persistence: false
Targets
Target: 13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed
Size: 1.4MB
MD5: cc010a9788fb94a30ffc7e7ce3572c74
SHA1: ef63edaecff71c8ca3aa3f3be5ceb1a18bd38672
SHA256: 13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed
SHA512: fcbcc4efd16561411349e55e3461064ac642910053ecd30459cb4bc27895b3736616fd57600f82343a0597a62a002fcd68c6b77336954f104324b05e3f623fc3
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaHfPFt+j/KIprM8KJGVG18XRjypuVPAZNbz:7JZoQrbTFZY1iaHfttw/RMNkWOR+AVPO
Score: 10/10
Signatures:
Modifies WinLogon for persistence
Adds policy Run key to start application
Adds Run key to start application
Suspicious use of SetThreadContext
Note that the extracted config reports install and persistence as false, yet the behavioral run still recorded Winlogon and Run-key modifications; when triaging, treat the observed registry writes as authoritative and use the config flags only as corroboration.
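The extracted config and the behavioral signatures above give a compact set of host and network indicators for this sample. The following is an added example, not part of the sandbox report, showing how a responder might turn them into detection logic and run it over endpoint telemetry. The C2 host, port and mutex are taken from the Malware Config section; the registry paths are the standard Windows locations behind the three persistence signatures (Winlogon Userinit/Shell/Notify, the Run/RunOnce keys, and Policies\Explorer\Run). The event schema, the `Event` class, the constructed `SAMPLE_EVENTS`, and the cross-process heuristic for SetThreadContext are assumptions of this example; the report does not state the sandbox's exact rule for that signature.

```python
import re
from dataclasses import dataclass

# Indicators from the extracted DarkComet config in this report.
C2_HOST, C2_PORT = "daynasmithx.ddns.net", 100
MUTEX = "DCMIN_MUTEX-HFVU8P5"

# Registry locations behind the report's persistence signatures. The hive prefix
# (HKLM/HKCU) is ignored so both machine- and user-scoped writes are caught.
WINLOGON_VALUES = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell|Notify)", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
POLICY_RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", re.I)


@dataclass
class Event:
    """Minimal endpoint event (assumed schema, not a sandbox or Sysmon format).

    kind: registry_set | dns_query | mutex_create | set_thread_context
    detail: registry value path, queried name, or mutex name
    target: for set_thread_context, the process that owns the thread
    """
    kind: str
    process: str
    detail: str = ""
    target: str = ""


def match_event(ev):
    """Return the signature / IOC names this single event satisfies."""
    hits = []
    if ev.kind == "registry_set":
        if WINLOGON_VALUES.search(ev.detail):
            hits.append("Modifies WinLogon for persistence")
        if POLICY_RUN_KEY.search(ev.detail):
            hits.append("Adds policy Run key to start application")
        if RUN_KEY.search(ev.detail):
            hits.append("Adds Run key to start application")
    elif ev.kind == "set_thread_context":
        # Assumed heuristic: rewriting a thread context in another process is the
        # hallmark of process hollowing; same-process use is left alone here.
        if ev.target and ev.target != ev.process:
            hits.append("Suspicious use of SetThreadContext")
    elif ev.kind == "dns_query" and ev.detail.rstrip(".").lower() == C2_HOST:
        hits.append(f"DNS query for DarkComet C2 {C2_HOST}")
    elif ev.kind == "mutex_create" and ev.detail == MUTEX:
        hits.append(f"DarkComet mutex {MUTEX}")
    return hits


def triage(events):
    """Aggregate hits per process: {process: sorted list of unique signature names}."""
    by_process = {}
    for ev in events:
        for hit in match_event(ev):
            by_process.setdefault(ev.process, set()).add(hit)
    return {proc: sorted(hits) for proc, hits in by_process.items()}


# Constructed telemetry for illustration; value names are placeholders.
SAMPLE_EVENTS = [
    Event("registry_set", "sample.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"),
    Event("registry_set", "sample.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Updater"),
    Event("registry_set", "sample.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("set_thread_context", "sample.exe", target="notepad.exe"),
    Event("dns_query", "sample.exe", "daynasmithx.ddns.net"),
    Event("mutex_create", "sample.exe", "DCMIN_MUTEX-HFVU8P5"),
    # Benign registry write by another process: must not match anything.
    Event("registry_set", "explorer.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
]

if __name__ == "__main__":
    for proc, hits in triage(SAMPLE_EVENTS).items():
        print(proc)
        for h in hits:
            print("  -", h)
```

The mutex and the DDNS host are the cheapest pivots: a mutex named `DCMIN_MUTEX-` followed by a short code is DarkComet's default format, and a DNS lookup for the C2 host on port 100 traffic gives a network-side confirmation independent of the host telemetry. Dynamic DNS names change addresses, so alert on the name rather than on whatever IP it resolved to during the sandbox run.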