General
Target: e7eba9400afd46600f1a9a301af0aab86e17f56cf22ab93b81beaaf2ec3eaf5c
Size: 1.2MB
Sample: 221129-nr6ayahe5z
MD5: bdf3a330efa4296d6547e13dc4ff0b87
SHA1: 5f245654fcd374e54f9a3747aa3ceebe7ea93760
SHA256: e7eba9400afd46600f1a9a301af0aab86e17f56cf22ab93b81beaaf2ec3eaf5c
SHA512: 739b9a8fd57f5bf1e42d6206ef2708e78cc56e623807eedc6955bf61a5ca6808270aa8e416f4f3e0b735b551a4f7b10ac34fe5a9ee9c6d91407ac878ffee64f3
SSDEEP: 12288:9xPzOw1+1VJw0wJFBRhZa9icVWNLEsy8lDGkX8I4/H+jWDcImvqA5UGcYkMRMoHG:9PqM6YV+/1HhA3UEjS91ekhhZ
Static task: static1
Behavioral task: behavioral1, sample e7eba9400afd46600f1a9a301af0aab86e17f56cf22ab93b81beaaf2ec3eaf5c.exe, resource win7-20221111-en
Behavioral task: behavioral2, sample e7eba9400afd46600f1a9a301af0aab86e17f56cf22ab93b81beaaf2ec3eaf5c.exe, resource win10v2004-20221111-en
Malware Config
Extracted family: darkcomet
Botnet (campaign ID): Yahoo-chat
C2: epiclegit.no-ip.biz:1337
Mutex: DC_MUTEX-56EX4JX
gencode: uxiHXsbVBFCC
install: false
offline_keylogger: true
persistence: false
Targets
Target: e7eba9400afd46600f1a9a301af0aab86e17f56cf22ab93b81beaaf2ec3eaf5c
Size: 1.2MB
MD5: bdf3a330efa4296d6547e13dc4ff0b87
SHA1: 5f245654fcd374e54f9a3747aa3ceebe7ea93760
SHA256: e7eba9400afd46600f1a9a301af0aab86e17f56cf22ab93b81beaaf2ec3eaf5c
SHA512: 739b9a8fd57f5bf1e42d6206ef2708e78cc56e623807eedc6955bf61a5ca6808270aa8e416f4f3e0b735b551a4f7b10ac34fe5a9ee9c6d91407ac878ffee64f3
SSDEEP: 12288:9xPzOw1+1VJw0wJFBRhZa9icVWNLEsy8lDGkX8I4/H+jWDcImvqA5UGcYkMRMoHG:9PqM6YV+/1HhA3UEjS91ekhhZ
Score: 10/10
Signatures:
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
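The extracted config (C2, mutex, gencode) and the behavioural signatures above are the two things an analyst would turn into hunting logic. The following is an added example, not part of the sandbox report or of any DarkComet tooling: it takes the C2 and mutex exactly as extracted, and matches them together with the registry behaviours behind the "Disables RegEdit", "Modifies firewall policy service" and "Adds Run key" signatures against a constructed feed of host events. The event schema, the sample events and the specific registry paths (DisableRegistryTools, FirewallPolicy\...\EnableFirewall, CurrentVersion\Run) are assumptions drawn from well-known DarkComet behaviour, not values printed in this report.

```python
"""Hunt for the DarkComet indicators from this report in constructed host telemetry.

Added example, not part of the sandbox report. The C2, mutex and config
attributes are copied from the report; the event records and the registry
paths matched for the firewall/RegEdit/Run-key signatures are assumptions
based on typical DarkComet behaviour, not values taken from the report.
"""

# Extracted config, as printed in the report.
CONFIG = {
    "family": "darkcomet",
    "botnet_id": "Yahoo-chat",
    "c2": "epiclegit.no-ip.biz:1337",
    "mutex": "DC_MUTEX-56EX4JX",
    "gencode": "uxiHXsbVBFCC",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}

# Registry paths behind the report's signatures (assumed; typical DarkComet targets).
REGEDIT_POLICY = "\\Policies\\System\\DisableRegistryTools"
FIREWALL_POLICY = "\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\"
RUN_KEY = "\\Microsoft\\Windows\\CurrentVersion\\Run\\"


def split_c2(c2):
    """'host:port' -> (lower-cased host, int port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def classify(event, config=CONFIG):
    """Return the names of the report indicators one event matches (may be empty)."""
    hits = []
    kind = event.get("type")
    if kind == "mutex":
        name = event.get("name", "")
        if name == config["mutex"]:
            hits.append("mutex:exact")               # this exact build
        elif name.startswith("DC_MUTEX-"):
            hits.append("mutex:darkcomet_prefix")    # any DarkComet build
    elif kind == "network":
        host, port = split_c2(config["c2"])
        if event.get("host", "").lower() == host:
            hits.append("c2:host")
        if event.get("port") == port:
            hits.append("c2:port")
    elif kind == "registry_set":
        key = event.get("key", "")
        val = str(event.get("value", ""))
        if key.endswith(REGEDIT_POLICY) and val == "1":
            hits.append("sig:disables_regedit")
        if FIREWALL_POLICY in key and key.endswith("EnableFirewall") and val == "0":
            hits.append("sig:modifies_firewall_policy")
        if RUN_KEY in key:
            hits.append("sig:adds_run_key")           # weak alone; correlate image path
    return hits


def hunt(events, config=CONFIG):
    """Map indicator name -> list of matching events across the whole feed."""
    found = {}
    for ev in events:
        for h in classify(ev, config):
            found.setdefault(h, []).append(ev)
    return found


# Constructed telemetry (not from the report): a benign baseline plus the
# behaviours the sandbox flagged. Host case is deliberately mixed.
SAMPLE_EVENTS = [
    {"type": "mutex", "name": "Local\\ZonesCounterMutex"},
    {"type": "mutex", "name": "DC_MUTEX-56EX4JX"},
    {"type": "network", "host": "EPICLEGIT.no-ip.biz", "port": 1337},
    {"type": "network", "host": "update.example.net", "port": 443},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "value": 1},
    {"type": "registry_set",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "value": 0},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "value": r"C:\Users\victim\AppData\Roaming\winupdate.exe"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "value": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for name, evs in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{name}: {len(evs)} event(s)")
```

The mutex and C2 host are strong, build-specific indicators; the `DC_MUTEX-` prefix generalises to other DarkComet builds. The Run-key rule fires on the benign OneDrive entry as well, which is the point: a Run-key write on its own is a weak signal and needs the image path (and, for this sample, the fact that the config says install/persistence are off) taken into account before it is escalated.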