General
- Target: ee4b726c7bc356500183f5e17d8ce6f39ce55a72c46c4beeed3435bf0460210b
- Size: 1.1MB
- Sample: 221126-a9hqpsag39
- MD5: de36d61f265e209ee8c09ee662a8cd9b
- SHA1: 87697005b5e52f391d13e313836106ad778edff6
- SHA256: ee4b726c7bc356500183f5e17d8ce6f39ce55a72c46c4beeed3435bf0460210b
- SHA512: 6cc6f271904242c61134e4ef00920b432bc8a8c96594ed3ccf5d90263b0affd802e8612e26c60089239b894f0934f45c7f93908734c1c8b47b678c4722c9e113
- SSDEEP: 24576:NJGb3smSibRvFYXgkI+BuZFn5PZF34DRvM:3m3msSwV+BwZFo9
Static task: static1
Behavioral task: behavioral1
- Sample: ee4b726c7bc356500183f5e17d8ce6f39ce55a72c46c4beeed3435bf0460210b.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: ee4b726c7bc356500183f5e17d8ce6f39ce55a72c46c4beeed3435bf0460210b.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
- 22
- alavera.no-ip.org:1604
- DC_MUTEX-QWLGHR9
- gencode: cEQ4P3g3EQgo
- install: false
- offline_keylogger: true
- password: alavera1230147
- persistence: false
Targets
- Target: ee4b726c7bc356500183f5e17d8ce6f39ce55a72c46c4beeed3435bf0460210b
Score: 10/10
- Uses the VBS compiler for execution
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext