General
-
Target
aff99f9ee2a7e5a4b4af24676866b1fbe50c6f366c814b52bda4bea84b28b35e
-
Size
682KB
-
Sample
221130-29g8qaha6t
-
MD5
830b7b08e585072896a755182ffcd006
-
SHA1
53b663bb32dc137750578acc1f3d3b4feafea2bd
-
SHA256
aff99f9ee2a7e5a4b4af24676866b1fbe50c6f366c814b52bda4bea84b28b35e
-
SHA512
593a8c41e316e9aef6a54c3d115676faed1ddca8945da507b496ea0c340d5dc40912ff898ccd9e3c605fc53fc4766aca7f05d381a45c6accd7b72188a1eae13f
-
SSDEEP
12288:T7RsS4xKzM6EAJZuDgA/NEI3dixICvsdvukWoaPExk3+Q1gg4q5:TF140zqmZoz6wixICYGoTkOQ1gg4q5
Static task
static1
Behavioral task
behavioral1
Sample
aff99f9ee2a7e5a4b4af24676866b1fbe50c6f366c814b52bda4bea84b28b35e.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
aff99f9ee2a7e5a4b4af24676866b1fbe50c6f366c814b52bda4bea84b28b35e.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
-
Family
darkcomet
-
Campaign ID (SID)
SLAVE
-
C2
targetyou.no-ip.org:57847
-
Mutex
DC_MUTEX-V43LZQD
-
gencode
QicaLEUseXEC
-
install
false
-
offline_keylogger
false
-
persistence
false
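The config block above is what a DarkComet config extractor reports. The following is an added example (not the sandbox's extractor and not code from this sample) showing how such a block is recovered: DarkComet keeps its settings as RC4-encrypted, hex-encoded KEY={value} lines, and the RC4 keys are version-specific strings documented in public decoders (the 5.1 key is "#KCMDDC51#-890"). The plaintext below is constructed to mirror this report's values; it is encrypted in-script only so the decoder has something to run against. The BEGIN/EOF marker lines are part of the constructed input and are ignored by the parser.

```python
"""Decode and parse a DarkComet-style DCDATA config blob (added example).

The plaintext is CONSTRUCTED from the values in this report; it is not
the blob carried by the sample. A real extractor reads the hex string
from the binary's resource section and tries each known key in turn.
"""
import re

# Documented DarkComet config keys, newest first (assumed complete enough
# for illustration; older or patched builds may use others).
DARKCOMET_KEYS = [
    b"#KCMDDC51#-890",   # 5.1
    b"#KCMDDC5#-890",    # 5.0
    b"#KCMDDC42F#-890",  # 4.2F
    b"#KCMDDC42#-890",   # 4.x
    b"#KCMDDC2#-890",    # 3.x
]

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; symmetric, so one function encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

LINE_RE = re.compile(rb"^([A-Z0-9]+)=\{(.*)\}$")

def parse_dcdata(plaintext: bytes) -> dict:
    """Turn KEY={value} lines into a dict; non-matching lines are skipped."""
    cfg = {}
    for line in plaintext.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            cfg[m.group(1).decode()] = m.group(2).decode(errors="replace")
    return cfg

def decode_dcdata(hex_blob: str) -> dict:
    """Try each known key; accept the first decryption that parses cleanly.
    A wrong key yields bytes that do not form KEY={value} lines, so the
    presence of NETDATA and MUTEX is the sanity check."""
    raw = bytes.fromhex(hex_blob)
    for key in DARKCOMET_KEYS:
        cfg = parse_dcdata(rc4(key, raw))
        if "NETDATA" in cfg and "MUTEX" in cfg:
            cfg["_key"] = key.decode()
            return cfg
    raise ValueError("no known DarkComet key produced a parseable config")

def to_report(cfg: dict) -> dict:
    """Map raw fields onto the labels used in the report above.
    NETDATA may list several host:port pairs separated by '|'."""
    c2 = []
    for entry in cfg["NETDATA"].split("|"):
        if entry:
            host, _, port = entry.rpartition(":")
            c2.append((host, int(port)))
    return {
        "family": "darkcomet",
        "campaign_id": cfg.get("SID", ""),
        "c2": c2,
        "mutex": cfg["MUTEX"],
        "gencode": cfg.get("GENCODE", ""),
        "install": cfg.get("INSTALL") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
        "persistence": cfg.get("PERSINST") == "1",
    }

# CONSTRUCTED plaintext; field values copied from this report's config.
SAMPLE_PLAINTEXT = b"\r\n".join([
    b"#BEGIN DARKCOMET DATA --",
    b"MUTEX={DC_MUTEX-V43LZQD}",
    b"SID={SLAVE}",
    b"NETDATA={targetyou.no-ip.org:57847}",
    b"GENCODE={QicaLEUseXEC}",
    b"INSTALL={0}",
    b"PERSINST={0}",
    b"OFFLINEK={0}",
    b"#EOF DARKCOMET DATA --",
])
# Encrypt with the 5.1 key and hex-encode, which is how the blob is stored.
SAMPLE_BLOB = rc4(DARKCOMET_KEYS[0], SAMPLE_PLAINTEXT).hex().upper()

if __name__ == "__main__":
    for k, v in to_report(decode_dcdata(SAMPLE_BLOB)).items():
        print(f"{k:18} {v}")
```

The key-trial loop is the part worth keeping: since RC4 gives no integrity check, the only way to know a key was right is that the output parses, so the acceptance test on NETDATA and MUTEX is what prevents a wrong key from silently producing garbage.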
Targets
-
-
Target
aff99f9ee2a7e5a4b4af24676866b1fbe50c6f366c814b52bda4bea84b28b35e
-
Size
682KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above.)
Score
10/10
Signatures
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
Note that the extracted config has install and persistence set to false, yet the behavioural run recorded a Run key being added and a dropped EXE being executed. The Run key is therefore more plausibly written by the outer dropper or loader stage than by the DarkComet payload's own install routine; read the config flags as describing the payload, not the whole sample. SetThreadContext on another process's thread is the step process hollowing (RunPE) uses to redirect a suspended process to injected code, which is why the sandbox flags it.
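The indicators above (hashes, C2 host and port, mutex, Run-key persistence) are what a detection engineer would turn into hunting logic. The following is an added example, not part of the sandbox report: it runs a small rule set over constructed EDR-style event records (a generic schema assumed for illustration, not any vendor's format) and returns graded hits. The DC_MUTEX- prefix match is a generalisation beyond this sample: DarkComet builds name their mutex with that prefix, so it also catches sibling builds with a different suffix. The Run-key rule is deliberately generic and scores lower, since many legitimate installers write the same key.

```python
"""Hunt this report's indicators in endpoint telemetry (added example).

EVENTS below are CONSTRUCTED records, not logs from the sandbox run;
the IP addresses are documentation ranges. IOC values are copied from
the report above.
"""
from dataclasses import dataclass

IOC = {
    "sha256": "aff99f9ee2a7e5a4b4af24676866b1fbe50c6f366c814b52bda4bea84b28b35e",
    "md5": "830b7b08e585072896a755182ffcd006",
    "c2_host": "targetyou.no-ip.org",
    "c2_port": 57847,
    "mutex": "DC_MUTEX-V43LZQD",
}
DC_MUTEX_PREFIX = "DC_MUTEX-"          # family-wide naming, not sample-specific
RUN_KEY_MARKER = "\\currentversion\\run"  # matches HKCU and HKLM Run/RunOnce

@dataclass
class Hit:
    rule: str
    severity: str
    detail: str

def check_event(ev: dict) -> list:
    """Apply the rules that make sense for this event type."""
    hits = []
    t = ev.get("type")
    if t == "process":
        # Exact hash match is the highest-confidence indicator on the page.
        for alg in ("sha256", "md5"):
            if ev.get(alg, "").lower() == IOC[alg]:
                hits.append(Hit("darkcomet_known_sample", "critical",
                                f"{alg} of {ev.get('image')} matches report"))
                break
    elif t == "dns":
        if ev.get("query", "").lower().rstrip(".") == IOC["c2_host"]:
            hits.append(Hit("darkcomet_c2_dns", "high", f"DNS query for {ev['query']}"))
    elif t == "netconn":
        host = ev.get("dst_host", "").lower()
        port = ev.get("dst_port")
        if host == IOC["c2_host"]:
            hits.append(Hit("darkcomet_c2_connect", "high", f"connection to {host}:{port}"))
        elif port == IOC["c2_port"]:
            # Port alone is weak evidence (the operator can change it); keep
            # it low so it is available for pivoting but does not page anyone.
            hits.append(Hit("darkcomet_c2_port", "low", f"connection to {host}:{port}"))
    elif t == "mutex":
        name = ev.get("name", "")
        if name == IOC["mutex"]:
            hits.append(Hit("darkcomet_mutex_exact", "high", name))
        elif name.startswith(DC_MUTEX_PREFIX):
            hits.append(Hit("darkcomet_mutex_family", "medium", name))
    elif t == "registry":
        if RUN_KEY_MARKER in ev.get("key", "").lower():
            hits.append(Hit("run_key_persistence", "medium",
                            f"{ev['key']}\\{ev.get('value')} -> {ev.get('data')}"))
    return hits

def hunt(events: list) -> list:
    """Run every event through the rules and flatten the hits."""
    return [h for ev in events for h in check_event(ev)]

def summarize(hits: list) -> dict:
    """Count hits per severity, for a quick triage view."""
    counts = {}
    for h in hits:
        counts[h.severity] = counts.get(h.severity, 0) + 1
    return counts

# CONSTRUCTED telemetry: the first six records should fire, the last two not.
EVENTS = [
    {"type": "process", "image": "C:\\Users\\victim\\Downloads\\invoice.exe",
     "md5": "830b7b08e585072896a755182ffcd006",
     "sha256": "aff99f9ee2a7e5a4b4af24676866b1fbe50c6f366c814b52bda4bea84b28b35e"},
    {"type": "dns", "query": "targetyou.no-ip.org", "answer": "203.0.113.7"},
    {"type": "netconn", "dst_host": "targetyou.no-ip.org", "dst_port": 57847},
    {"type": "mutex", "name": "DC_MUTEX-V43LZQD"},
    {"type": "mutex", "name": "DC_MUTEX-ABC1234"},
    {"type": "registry", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "Updater", "data": "C:\\Users\\victim\\AppData\\Roaming\\update.exe"},
    {"type": "dns", "query": "www.example.com", "answer": "93.184.216.34"},
    {"type": "netconn", "dst_host": "10.0.0.5", "dst_port": 445},
]

if __name__ == "__main__":
    found = hunt(EVENTS)
    for h in found:
        print(f"[{h.severity:8}] {h.rule}: {h.detail}")
    print(summarize(found))
```

Severity is assigned per indicator rather than per event because the indicators on this page differ in how tightly they are bound to the sample: a hash cannot be shared by another build, a mutex or hostname can be, and a port number is freely chosen by the operator.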