General
-
Target
66cbf78bef04886de9f7dacc6b7dffe919a87011bfe482fd8ddfbe7bf791fbcc
-
Size
705KB
-
Sample
221126-2vlbtsef9y
-
MD5
5d5ae2dfec782528dbf7022a5e153c2e
-
SHA1
ad267543c3953a315fd585b274c61e8ade393219
-
SHA256
66cbf78bef04886de9f7dacc6b7dffe919a87011bfe482fd8ddfbe7bf791fbcc
-
SHA512
358052014ed4f8e8419a4ce67d18230c33aebc6d3f9005dbacf096a8d2011f125664d4d3547a4bbe90ce32e60733931278acdca2e8929c3ff84128375ea1670a
-
SSDEEP
12288:bFa3rg0Tn+1rOO1lNqkLVmJWq88ILe4xwirKeuDZJfyIUdmgeCX5W2/oooJA1ooq:s00Tn+JNqkVLnlxwuKvDasCXJoooJA1O
Static task
static1
Behavioral task
behavioral1
Sample
66cbf78bef04886de9f7dacc6b7dffe919a87011bfe482fd8ddfbe7bf791fbcc.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
66cbf78bef04886de9f7dacc6b7dffe919a87011bfe482fd8ddfbe7bf791fbcc.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
Guest16_min
amnizia.no-ip.org:1604
DCMIN_MUTEX-T34E8EC
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
hD7ZKwX5TTz1
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
66cbf78bef04886de9f7dacc6b7dffe919a87011bfe482fd8ddfbe7bf791fbcc
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-