General
- Target: 11d71f63829578f73939cbd65e0a1b30d8b2e87931b31316064541943a1440bc
- Size: 473KB
- Sample: 221125-ffjzkacc25
- MD5: 34c826181c39fd1669e902ea6d6a09a1
- SHA1: d395c87a25b62753e11b7ebfa77fbf9617c670e5
- SHA256: 11d71f63829578f73939cbd65e0a1b30d8b2e87931b31316064541943a1440bc
- SHA512: 0101cacbbebb05862255c1d2b5d8cdb3df8d350181b392cf57cb591d22fcf320aeaf69991fe840e0e01f10f7922130d97f00858df43d2e5d16dd42fa7ff24f3b
- SSDEEP: 12288:bwdv2g3QQy5T3mYyQPZlk9m6TeXHHFk4FmepyaLdY89asq:bwF2go13376aYKyudYqk
Static task: static1
Behavioral task: behavioral1
- Sample: PROFORMA.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: PROFORMA.exe
- Resource: win10v2004-20220812-en
Behavioral task: behavioral3
- Sample: PROFORMA2.exe
- Resource: win7-20220812-en
Behavioral task: behavioral4
- Sample: PROFORMA2.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
- NEWS
- informer.ddns.net:1605
- informer.ddns.net:1606
- DC_MUTEX-L6AVTYM
- gencode: kNGa0laUgQF5
- install: false
- offline_keylogger: true
- password: chinelo4545
- persistence: false
Targets
- Target: PROFORMA.exe
  - Size: 290KB
  - MD5: 17ab913384c61e2cab2c32e25f6f127e
  - SHA1: adc9abb82f0be7df5351f80f85a75209ea691f7c
  - SHA256: 317cf2b96b1fca04ccc746dc7cfc24776bbb09ed1eae2932a184c6081f89784e
  - SHA512: e2057ba7d14708bc8e4cd6fc418c35ce0dc51c8bd27c6ac364b931c6e412937e3cd1fd747b3f1b59c350cfec427b33578dd692c2bd0f48c64d14162f955c2249
  - SSDEEP: 6144:PMapLqoIeQMDFdaioxK08X4L1EuQHZIL510OYWjW2o/+:PMuLqoIebdaioI08XuKubd110
  - Score: 1/10
- Target: PROFORMA2.exe
  - Size: 343KB
  - MD5: 69661f894bc24159f7796f022db64c67
  - SHA1: 733c507e16327c2db7715c2704db3b4bff01e026
  - SHA256: 1487b91fe287ef043d6ba20e4e37128830770d12ed43e6228ff2bd8fd51eb4b6
  - SHA512: 3b918d4faff57c5d6da75c0b94d84f69220555c9a4522d780a1764b5612261971a0b162546d5b3404198e1920c475194dc07c6019dff6d3bb778e14dfbf2fe3c
  - SSDEEP: 6144:xMaed6qRf1VYOnThmxoTfqlac/lTcspV+qrjQKcW:xMnvRfblF5tyxfkqrcK
- Loads dropped DLL
- Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext