General
Target: 308c9be2323a416b1c1297238b4197ee58e7442c82a22490f96b9d7a3f69be80
Size: 1.1MB
Sample: 221126-yef6dsdb6y
MD5: 77d59df8f968d49b824598d9b4734e61
SHA1: f9f0d73cae09fbfc49fe6a58d7edcbbd57594064
SHA256: 308c9be2323a416b1c1297238b4197ee58e7442c82a22490f96b9d7a3f69be80
SHA512: dea1defa24137b301d5c5d5777e6ad0c7129d0d8305810c68b09e0030a9f0d0f96c154887402ec107ed3b727d1a684313610008c98a05ec107ffc7169840efc4
SSDEEP: 24576:Jw1lDrobPKhS0/FzDzQ0ae4iIKcRC7lZ87:iDUG/qm
Static task: static1
Behavioral task: behavioral1
  Sample: 308c9be2323a416b1c1297238b4197ee58e7442c82a22490f96b9d7a3f69be80.exe
  Resource: win7-20220812-en
Malware Config
Extracted: darkcomet
Bot (C2): thescienceguy.no-ip.biz:6754
Mutex: DC_MUTEX-XTMDCH5
InstallPath: AVG Tray Utilities\
gencode: 2d4YgnBQzJYv
install: true
offline_keylogger: true
persistence: true
reg_key: AVGTrayUtils
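The config block above is what a sandbox recovers from the bot's embedded settings. As an added example (not part of this report and not the DarkComet builder's own code), the Python below reconstructs that step end to end: it RC4-decrypts a hex-encoded DCDATA blob, parses the KEY={value} lines, maps the builder keys (MUTEX, NETDATA, GENCODE, INSTALL, PERSINST, OFFLINEK, KEYNAME, EDTPATH) onto the field names the report uses, and derives indicators from them. Two things are assumptions rather than facts from the page: the RC4 key prefix `#KCMDDC51#-890` (the one commonly documented for the 5.x builder, with the operator password appended) and the exact key layout. The config text itself is constructed from the values listed above, not dumped from this sample.

```python
import re
from binascii import hexlify, unhexlify

# Assumption: the DarkComet 5.x builder derives the RC4 key for its DCDATA
# resource from this prefix plus the operator's password (empty by default).
# The report does not state the version or password; adjust both if needed.
KEY_PREFIX = b"#KCMDDC51#-890"

# Constructed input: the report's extracted values placed into the builder's
# KEY={value} layout. These bytes were not dumped from this sample.
CONFIG = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-XTMDCH5}\r\n"
    "NETDATA={thescienceguy.no-ip.biz:6754}\r\n"
    "GENCODE={2d4YgnBQzJYv}\r\n"
    "INSTALL={1}\r\n"
    "EDTPATH={AVG Tray Utilities\\}\r\n"
    "KEYNAME={AVGTrayUtils}\r\n"
    "PERSINST={1}\r\n"
    "OFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4; symmetric, so one routine both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def encrypt_dcdata(text: str, password: bytes = b"") -> str:
    """Hex-encoded blob in the shape the builder stores; used here only to
    construct the sample ciphertext for the demo."""
    return hexlify(rc4(KEY_PREFIX + password, text.encode("latin-1"))).decode().upper()


def decrypt_dcdata(hex_blob: str, password: bytes = b"") -> str:
    """Reverse of encrypt_dcdata; a wrong password yields garbage, not an error."""
    return rc4(KEY_PREFIX + password, unhexlify(hex_blob)).decode("latin-1")


KV_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def parse_darkcomet_config(text: str) -> dict:
    """KEY={value} lines -> dict. Returns {} when the BEGIN marker is missing,
    which is the usual symptom of decrypting with the wrong key/password."""
    if "#BEGIN DARKCOMET DATA" not in text:
        return {}
    cfg = {}
    for line in text.splitlines():
        m = KV_RE.match(line.strip())
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


# Builder flags -> the field names used in the report above.
FLAGS = {"INSTALL": "install", "PERSINST": "persistence", "OFFLINEK": "offline_keylogger"}


def to_report_fields(cfg: dict) -> dict:
    host, _, port = cfg.get("NETDATA", "").rpartition(":")
    fields = {
        "c2_host": host,
        "c2_port": int(port) if port.isdigit() else None,
        "mutex": cfg.get("MUTEX"),
        "gencode": cfg.get("GENCODE"),
        "install_path": cfg.get("EDTPATH"),
        "reg_key": cfg.get("KEYNAME"),
    }
    for key, name in FLAGS.items():
        fields[name] = cfg.get(key) == "1"
    return fields


def indicators(fields: dict) -> list:
    """Indicators to hunt for; only emitted when the matching flag is set."""
    iocs = []
    if fields["c2_host"]:
        iocs.append(("dns", fields["c2_host"]))
        iocs.append(("c2", "%s:%s" % (fields["c2_host"], fields["c2_port"])))
    if fields["mutex"]:
        iocs.append(("mutex", fields["mutex"]))
    if fields["install"] and fields["install_path"]:
        iocs.append(("path", fields["install_path"]))
    if fields["persistence"] and fields["reg_key"]:
        # Hive (HKCU vs HKLM) depends on the privileges the bot runs with.
        iocs.append(("run_key_value", fields["reg_key"]))
    return iocs


ENCRYPTED_SAMPLE = encrypt_dcdata(CONFIG)  # constructed ciphertext for the demo

if __name__ == "__main__":
    report = to_report_fields(parse_darkcomet_config(decrypt_dcdata(ENCRYPTED_SAMPLE)))
    for kind, value in indicators(report):
        print(kind, value)
```

The wrong-password case matters in practice: RC4 never fails, so the only signal is the missing `#BEGIN DARKCOMET DATA` marker, which is why `parse_darkcomet_config` returns an empty dict instead of a half-filled one.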
Targets
Target: 308c9be2323a416b1c1297238b4197ee58e7442c82a22490f96b9d7a3f69be80
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
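The registry-visible signatures in the list above (Winlogon, the RegEdit and Task Manager policy values, the Run key, the firewall policy) can be re-derived from registry-set telemetry on a host. The Python below is an added example, not part of the sandbox report: it runs a small rule set over constructed Sysmon Event ID 13 (RegistryEvent SetValue) records and returns the signature names that fire. The field names (Image, TargetObject, Details) follow Sysmon's schema, but every value, including the bot's path and the user SID, is made up to mirror the report and was not taken from the sample's execution.

```python
import re

_BOT = r"C:\Users\user\AppData\Roaming\AVG Tray Utilities\sample.exe"  # made-up path

# Constructed Sysmon Event ID 13 (RegistryEvent, SetValue) records. Field names
# follow Sysmon's schema; the values are invented to mirror the signatures in
# the report and were not taken from the sample's execution.
SUSPECT_EVENTS = [
    {"Image": _BOT,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Run\AVGTrayUtils",
     "Details": _BOT},
    {"Image": _BOT,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"Image": _BOT,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    {"Image": _BOT,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe," + _BOT},
    {"Image": _BOT,
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000000)"},
]
# Controls that touch the same keys with default values and must not fire.
BENIGN_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
]
EVENTS = SUSPECT_EVENTS + BENIGN_EVENTS


def dword(details: str):
    """Sysmon renders REG_DWORD as 'DWORD (0x%08X)'; return the int or None."""
    m = re.fullmatch(r"DWORD \((0x[0-9A-Fa-f]{8})\)", details.strip())
    return int(m.group(1), 16) if m else None


# Stock values; anything else appended to Userinit or replacing Shell is a hit.
WINLOGON_DEFAULTS = {"userinit": r"c:\windows\system32\userinit.exe,", "shell": "explorer.exe"}


def winlogon_tampered(value_name: str, details: str) -> bool:
    return details.strip().lower() != WINLOGON_DEFAULTS[value_name.lower()]


# (signature name from the report, TargetObject pattern, accept(match, Details))
RULES = [
    ("Modifies WinLogon for persistence",
     re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I),
     lambda m, d: winlogon_tampered(m.group(1), d)),
    ("Disables RegEdit via registry modification",
     re.compile(r"\\Policies\\System\\DisableRegistryTools$", re.I),
     lambda m, d: dword(d) == 1),
    ("Disables Task Manager via registry modification",
     re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I),
     lambda m, d: dword(d) == 1),
    ("Adds Run key to start application",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I),
     lambda m, d: True),
    ("Modifies firewall policy service",
     re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\.*\\EnableFirewall$", re.I),
     lambda m, d: dword(d) == 0),
]


def evaluate(events):
    """Return (signature, Image, TargetObject) for every event a rule accepts."""
    hits = []
    for ev in events:
        for name, pattern, accept in RULES:
            m = pattern.search(ev["TargetObject"])
            if m and accept(m, ev.get("Details", "")):
                hits.append((name, ev["Image"], ev["TargetObject"]))
    return hits


def triggered_signatures(events):
    return sorted({name for name, _, _ in evaluate(events)})


if __name__ == "__main__":
    for sig, image, target in evaluate(EVENTS):
        print("%-48s %s" % (sig, target))
```

The value predicates are what keep the rules from firing on administration: setting DisableTaskMgr back to 0 or restoring the default Userinit string touches the same keys but is not flagged. The remaining signatures in the list (dropped EXE and DLL, execution through the VBS compiler, SetThreadContext) are not registry events and need process-creation and process-access telemetry instead.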