General
Target: 3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13
Size: 682KB
Sample: 221128-xvp8kadh3t
MD5: 12641af0a6d3c52982b1ebc092f2e49b
SHA1: 2387dacabec566dff2492bad1dc0034189d4d9b0
SHA256: 3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13
SHA512: 12368ed421bf7d06694a3a679161d6f4152182730ff2f4adc07940067f1eae8e721da67a3206c4d23c39de5008594d04e5804db040aee8870fa8717dd68e8728
SSDEEP: 12288:u9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFkM:6iBIGkbxqEcjsWiDxguehC2SK
Behavioral task: behavioral1
Sample: 3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
HACK
qun.no-ip.biz:1604
inzhi.no-ip.biz:1604
DC_MUTEX-6PNZJY7
InstallPath: AppDate\Local
gencode: qRacPhkHU88Y
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: 3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13
Score: 10/10
- Modifies WinLogon for persistence
- Adds Run key to start application