General
-
Target
84a8c0c110ac9ee5511ef0220cbec96ef4fa08cbfbaeffb186573d66455dac2d
-
Size
1.5MB
-
Sample
221126-a9l35aag46
-
MD5
f95d0ab5850dd45fe2f0b2a9eff2b142
-
SHA1
c892d4d387f6883d032ff19fa6de2b175eedcf61
-
SHA256
84a8c0c110ac9ee5511ef0220cbec96ef4fa08cbfbaeffb186573d66455dac2d
-
SHA512
778edad318cacf00a00e336f55a4dfea45df5b81ece219368aeaaba1bbaa3d0a07ba7859cae8661cd8d75f5a98721ecd91511dd21e6969eb42d2aad61e254778
-
SSDEEP
49152:2pxCzeA1aYFwfk1xcT0BmPxgISAzryF2ZX8ok5L:2pxUhaJf2c8Qb1UN
Static task
static1
Behavioral task
behavioral1
Sample
PipeCmd.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
PipeCmd.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
heibai.net.htm
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
heibai.net.htm
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
hscan 1.2.exe
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
hscan 1.2.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral7
Sample
hscangui.exe
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
hscangui.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
libmySQL.dll
Resource
win7-20220812-en
Behavioral task
behavioral10
Sample
libmySQL.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral11
Sample
oncrpc.dll
Resource
win7-20221111-en
Behavioral task
behavioral12
Sample
oncrpc.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral13
Sample
report/192.168.0.154-192.168.0.154.html
Resource
win7-20220901-en
Behavioral task
behavioral14
Sample
report/192.168.0.154-192.168.0.154.html
Resource
win10v2004-20220812-en
Behavioral task
behavioral15
Sample
tools/NTCmd.exe
Resource
win7-20220901-en
Behavioral task
behavioral16
Sample
tools/NTCmd.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral17
Sample
tools/Sqlcmd.exe
Resource
win7-20221111-en
Behavioral task
behavioral18
Sample
tools/Sqlcmd.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral19
Sample
tools/cygwinb19.dll
Resource
win7-20221111-en
Behavioral task
behavioral20
Sample
tools/cygwinb19.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral21
Sample
tools/mysql.exe
Resource
win7-20221111-en
Behavioral task
behavioral22
Sample
tools/mysql.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
darkcomet
22
alavera.no-ip.org:1604
DC_MUTEX-QWLGHR9
-
gencode
cEQ4P3g3EQgo
-
install
false
-
offline_keylogger
true
-
password
alavera1230147
-
persistence
false
Targets
-
-
Target
PipeCmd.exe
-
Size
40KB
-
MD5
970078b1a1d69f05bcd3944eb96a16b9
-
SHA1
64403ce63b28b544646a30da3be2f395788542d6
-
SHA256
cc1dda48929249b701305faea3619036cba29007a6db2a9aec6b8c05868ab1e6
-
SHA512
1eeb54f2b43140c659abe2f6b176e4aea0a0578cedfa21fa0c4011b6ab49eb129538a98adcabbbccc6f1004894a8135273dea15475240e688abbce1d75525c21
-
SSDEEP
384:jzc/9NSRix4fULMWru4xxkO3KnUF/02m44:jzc/bSm4uMW1xGoKnUx044
Score 1/10
-
-
-
Target
heibai.net.htm
-
Size
3KB
-
MD5
64e775b57484547a8685a37f143e5d31
-
SHA1
e215b532666b3b7954943e4e2558190bd0583f78
-
SHA256
9ffaaf46f0ea054bd916f7c141b5390f04b0c25615a1210cf2b58d43a3b61eff
-
SHA512
af35f82b76fb486ffb4cccf397e178b81a942e1c9be4538c9d1434fcaf3ac6d438dd9b83113b9477729183efc74caf08e74ba651e542d1a9214f6e569dae2848
Score 1/10
-
-
-
Target
hscan 1.2.exe
-
Size
1.1MB
-
MD5
de36d61f265e209ee8c09ee662a8cd9b
-
SHA1
87697005b5e52f391d13e313836106ad778edff6
-
SHA256
ee4b726c7bc356500183f5e17d8ce6f39ce55a72c46c4beeed3435bf0460210b
-
SHA512
6cc6f271904242c61134e4ef00920b432bc8a8c96594ed3ccf5d90263b0affd802e8612e26c60089239b894f0934f45c7f93908734c1c8b47b678c4722c9e113
-
SSDEEP
24576:NJGb3smSibRvFYXgkI+BuZFn5PZF34DRvM:3m3msSwV+BwZFo9
Score 10/10
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
-
-
Target
hscangui.exe
-
Size
124KB
-
MD5
42be6717898901b0dc245800a219a3d1
-
SHA1
af8aced0a78e1181f4c307c78402481a589f8d07
-
SHA256
c9ec10f0be2bc81c2f3703b9b258a55f662d7fd78e4be0c3e24a6f2502978ddc
-
SHA512
4848f98f1a633cee19a38f83a11a35b5a18dfb9f0250413b1077c1dd38ab2305997a52b1d6eee78a862109f604fc1f24f2ff01badb3beabe11141bcf8e967ef8
-
SSDEEP
1536:MP4EawbCxws7yDKZvB+Dk1BTqgM35r9zN8PZlmuMJYqOgvP3/QXL:YKZ5+Dk13+qP/yl/HvQXL
Score 1/10
-
-
-
Target
libmySQL.dll
-
Size
228KB
-
MD5
5c82aa0811d81b4caf189bc70f59d86d
-
SHA1
33552fda4d682ed39f9408e8bfb3c7fac9ee5659
-
SHA256
68dd7744114dd579cf5748d0a8e27ac9e7c83ef7fa7245786630ec69a286c090
-
SHA512
f23a7db670415e1bfd9b6d92ae65f427900696b4aa608ca236025f08f9f7e6ada397403fbb7b26796796edc55f351ea36a53eeb917e30aa80ab16e7fb6b242de
-
SSDEEP
6144:E2liPBy0LYtmcn7Ce5GfeAHC7Qea/6Dnegz:Flipy0L2mEj5GG3a/Qz
Score 3/10
-
-
-
Target
oncrpc.dll
-
Size
68KB
-
MD5
be32939c3ad523129d84cf35a4f9641d
-
SHA1
e8f047eed8d4f6d2f5dbaffdd0e6e4a09c5298a2
-
SHA256
43ad6f6fc581dabc73f5da8ea691281bd0a28a413865dcb353772394a28f3445
-
SHA512
ed1ecb3d972a44dda3b720a7c4f56418908f83708fa926c39cc2998dd03da26d3c1303241d1288c748027a0db353a0670478093b4f04ce26c2f319e28c900fba
-
SSDEEP
1536:6QqKkdcFLkqJhmR56ONl24Xf2FCDEt1eGni:7jgq/hOL24XOFyI3i
Score 1/10
-
-
-
Target
report/192.168.0.154-192.168.0.154.html
-
Size
1KB
-
MD5
f190462776444af0c1642aca8c801a8a
-
SHA1
df9eab3c23b0644041d8b7a9407c2103ab7aee7b
-
SHA256
af810b614ddc4935b1cbff82f51973e38213b9cdd9d61a7bba143c195711ce2e
-
SHA512
5395b0d679a796eadd8ae4fd421f678283d30ee5f4eeea99ed8ce0f47f83a3fd1c07d944dafbf749ec4b01513e5fbea81391053ee5d2557fba50be3d2f7a8096
Score 1/10
-
-
-
Target
tools/NTCmd.exe
-
Size
36KB
-
MD5
4a9509c2d86a6b782df2837506015a3d
-
SHA1
a3ae8659b9a673aa346a60844208b371f7c05e3c
-
SHA256
f38cf1ce798e6a12ade9c196356d30ef5c8eadc99e34503644b53774dd9a0590
-
SHA512
9ead146bf5ae2d372e9d3f73d417f8ac8243c7cccc582c5448cdc77fd43879b728e9fd658769037dafd167f20340554127ea0b6e8f76f48efe6fa905ed1ac5a8
-
SSDEEP
384:JZKv/OOfkqTBUS04GcGzDml2HBLnoOMamtvFPm06pV1nOrvB6gkyDm73oieVux9c:J4nOOVBUWVfamtvFIdnOrsjyux9o7
Score 1/10
-
-
-
Target
tools/Sqlcmd.exe
-
Size
32KB
-
MD5
bd368d2021f80055e62882768250df92
-
SHA1
99d56476e539750c599f76391d717c51c4955a33
-
SHA256
5ceae85b375e516adb38bcfcfe082b3aef76ad18712e2ee7e52acee35c17eb43
-
SHA512
c40795c456002747dffc774aa1f45a1e1922819d779a2b7595a1158dc56d9fe63658fe6c475a43d26adf79439ef161aa3afa6d13f1032f0f9d082ffb391091a1
-
SSDEEP
384:Fn7rbyjQT1cSUJhGEhYmlS5eRysypg9qffx3GkAoZo+n:Br2q1c3MEl2pg9qfp3GPo2+
Score 1/10
-
-
-
Target
tools/cygwinb19.dll
-
Size
653KB
-
MD5
d388339d43a0e83c6effd1de09a91c30
-
SHA1
3988bddacf90569886a2505ec6eef8faf1c61df6
-
SHA256
61f3bd4efe4de44664eea151202542f058e2e247e28dcea4e5ac810a73d251f4
-
SHA512
83b61b44c20cabea1b7841d47a156e406f438023bbab4d35a9a90a1bff377da688e18841a39087c06182a2f0d428dd6b82783536ac99936d98f665fc1af3966c
-
SSDEEP
12288:ZBcweFLCwKDMpvVEiDTf5SUd9aw8s+r53fMyPMh39coCtE:D7twruiDTfT0w8s+93bPwcfy
Score 1/10
-
-
-
Target
tools/mysql.exe
-
Size
326KB
-
MD5
ab9e515e0368d649741859a2dde0d7cf
-
SHA1
33e3f4bea31df01d67bdadf49b683670fdc04209
-
SHA256
87adca958b90b161bd0358386fab5834cd34f12af111f09b827fe99c1c48b969
-
SHA512
9537979bb28cb6449334759a0123e085d43c9e4b9c93b7276570d0e93bec2f463131ecc984a01acc7f483e629ba3958465f1d9fe53bca41658c0cca853c88cc0
-
SSDEEP
6144:36Cmsj/XggGwiNUwhVM2T0QNAVAUS37bMcdJaVm+jUlASBaKcCP63zA0iZdlv66B:36Cmsj/X8BNUwLM2T0QNAGUS37bMKJyW
Score 1/10
-