General
-
Target
1beef4b921d7ab1808248a9a89f627385fd047c8b573104f74f0d17a2555a8c9
-
Size
756KB
-
Sample
221123-s6lbjadb73
-
MD5
ea6e9d8f151d1437cba55259bd7627fa
-
SHA1
a913d0af4e1c115ffdd1e05faa3df480e6cd2024
-
SHA256
1beef4b921d7ab1808248a9a89f627385fd047c8b573104f74f0d17a2555a8c9
-
SHA512
4a795ddd4f2d0d0ffde973162a9b8636d2cb9bc7f921d59a72c100b27789c8f89fd746fb4a9c4bfaebc7148dafc2fef0998cc623af142b4f8bc000080232c2cf
-
SSDEEP
12288:09HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hx4:4Z1xuVVjfFoynPaVBUR8f+kN10EBc
Behavioral task
behavioral1
Sample
1beef4b921d7ab1808248a9a89f627385fd047c8b573104f74f0d17a2555a8c9.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
1beef4b921d7ab1808248a9a89f627385fd047c8b573104f74f0d17a2555a8c9.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
darkcomet
Kurban
immortalrat.no-ip.biz:1604
DC_MUTEX-GF8E0QH
-
InstallPath
/rat/rat
-
gencode
Z71v3uLvbWMc
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
Target
1beef4b921d7ab1808248a9a89f627385fd047c8b573104f74f0d17a2555a8c9
-
Score
10/10
-
Modifies WinLogon for persistence
-
Adds Run key to start application
-
Drops file in System32 directory
-