General
Target: 0797ecf215ad293bb9cec8cc8d7c48721866a224585490bf3993910366b134b7
Size: 736KB
Sample: 221128-xkhqqsha27
MD5: aa790ff4f430ab3af619c31d4d0d9c92
SHA1: 8fe417542db5fe0671fb164bbdc9973e6c48f73a
SHA256: 0797ecf215ad293bb9cec8cc8d7c48721866a224585490bf3993910366b134b7
SHA512: abfa2156fbeba332ca669cc54c7c75f58fcdc57546ef6f4244217ab2471b106a32d35c9348ca3a22294c2fbcb0ea1f3416b32617aa84bd29372fbf0a0f6e0031
SSDEEP: 12288:a5gTvBHv8dtRtpkxG/2VDFQa5xfUGXp/s0RpirOIAp555:aQBHv8dtR/kCcQcxfUG5U2pirB
Static task: static1
Behavioral task: behavioral1
Sample: 0797ecf215ad293bb9cec8cc8d7c48721866a224585490bf3993910366b134b7.exe
Resource: win7-20220812-en
Malware Config
Extracted: darkcomet
v1
easytoremember.no-ip.biz:9003
DC_MUTEX-RHEVRRJ
InstallPath: GoogleUpdate\updater.exe
gencode: 3bnD3E1CbrMc
install: true
offline_keylogger: true
persistence: true
reg_key: googleupdate
Targets
Target: 0797ecf215ad293bb9cec8cc8d7c48721866a224585490bf3993910366b134b7
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext