General
-
Target
511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc
-
Size
2.8MB
-
Sample
221123-vrzayscg3t
-
MD5
ff9142946eaf74497cce37d6042a001e
-
SHA1
84a9a186ca189b94b6cc96149b8a891fbb1ad4b8
-
SHA256
511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc
-
SHA512
c124a5d17c0d350d3c5b180644bee992e4eb634e25e6c8cce2f4da2336461d98eb5901a0b69b61b7b81aa4bc771c2f2f40fd7f8040b44894c9c84ae7cdb7a249
-
SSDEEP
49152:GNX1vMYf017Whi8bfjQagbDEeqJJrn5m/4sit6QNt9NSlCf:K9MDW08bfjQagceqTr53YC
Static task
static1
Behavioral task
behavioral1
Sample
511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
darkcomet
Guest16
darkcometratt.no-ip.org:1604
DC_MUTEX-WG0MMGJ
-
gencode
Rsl0xg3qg2h8
-
install
false
-
offline_keylogger
true
-
persistence
false
Extracted
darkcomet
DEFORS
rsnoip.ddns.net:1997
DCMIN_MUTEX-C5RDYJH
-
gencode
NToT30g4twDC
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc
-
Size
2.8MB
-
MD5
ff9142946eaf74497cce37d6042a001e
-
SHA1
84a9a186ca189b94b6cc96149b8a891fbb1ad4b8
-
SHA256
511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc
-
SHA512
c124a5d17c0d350d3c5b180644bee992e4eb634e25e6c8cce2f4da2336461d98eb5901a0b69b61b7b81aa4bc771c2f2f40fd7f8040b44894c9c84ae7cdb7a249
-
SSDEEP
49152:GNX1vMYf017Whi8bfjQagbDEeqJJrn5m/4sit6QNt9NSlCf:K9MDW08bfjQagceqTr53YC
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-