General
Target: 98bcf6c401ec9812061c01777f378061036666124a79aaa4586635f197660db7
Size: 1.4MB
Sample: 221125-h8kgxaec6z
MD5: 22625b92798482b19fdcb6bd850eb5ff
SHA1: f5f82940efafbaa945d5f94726035e7572f342ae
SHA256: 98bcf6c401ec9812061c01777f378061036666124a79aaa4586635f197660db7
SHA512: 0fcd9d431be0984db80a7658c022fbb52317ef824dab6e88d3f6fcdafab4d8ae23d135c5b27ab1562ab1b9db41975b75026c1e2d6345870d2e334a7ebc274954
SSDEEP: 24576:xh9Y+kyJinDuGgD4Ydx2hY95qFB+JVYTQ6Wu/kKzToRbA:xh9rH0nDu18KSAUVToR
Static task: static1
Behavioral task: behavioral1
Sample: 98bcf6c401ec9812061c01777f378061036666124a79aaa4586635f197660db7.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 98bcf6c401ec9812061c01777f378061036666124a79aaa4586635f197660db7.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
darkcomet
Tetro spreading
narcotraf.mooo.com:1604
DCMIN_MUTEX-AQYCEGU
InstallPath: DCSCMIN\IMDCSC.exe
gencode: ifTBbaPvKEs1
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Score: 10/10
Modifies WinLogon for persistence
Suspicious use of SetThreadContext