General
Target: 03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee
Size: 968KB
Sample: 221130-rqf67sgg95
MD5: f27e2348eaca8df7a62a806ee14d6229
SHA1: 5f90c0a83d867cf265fedffa101db91f5e094d4b
SHA256: 03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee
SHA512: f2c893f768ea06e4c3c013edb00b70d4eab7fdb2520f668460320561fdca846eaf61e8a6246c3287fe5af0061ee177bdc8a8560df636a599a6ad56888ca88456
SSDEEP: 12288:OR49o2m/kijD3tUL/SW+vZi3G0khHCpp1tlAhpoz1qODJXXn3n0kZJWb:4qyhDyLf2wW064dlYwqOJXnkk/W
Static task: static1
Behavioral task: behavioral1
Sample: 03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: darkcomet
Campaign ID: Spy
C2: 127.0.0.1:1604
C2: nibiru3.duckdns.org:1604
C2: nibiru33.duckdns.org:1604
Mutex: DC_MUTEX-QE733CL
InstallPath: MSDCSC\Audio Realtek Driver.exe
gencode: slqYakBDdplF
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Note: the 127.0.0.1:1604 entry is a loopback address and cannot be a remote controller; it is the builder's local-test entry and should not be used as a network indicator. The two duckdns.org hosts are dynamic-DNS names, so their resolved addresses can change over time and the hostnames, not the IPs, are the stable indicator.
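As an added example that is not part of the sandbox report, the extracted config above turned into network and host indicators and matched against a few Sysmon-style events. Assumptions, all labelled in the code: the install path is relative to %APPDATA% (the report gives only the relative InstallPath); the Winlogon value names checked (UserInit, Shell) are assumed, since the report says only that Winlogon was modified; the dynamic-DNS suffix list is illustrative; and the event lines are constructed, not taken from the report (Sysmon event ID 13 is a registry value set, ID 1 a process creation).

```python
"""Indicators derived from the extracted DarkComet config in the report above.
Added example; not the sandbox's own code. Assumptions are marked inline."""
import ipaddress
import re

# Fields copied from the extracted config in the report.
DARKCOMET_CONFIG = {
    "family": "darkcomet",
    "campaign_id": "Spy",
    "c2": ["127.0.0.1:1604", "nibiru3.duckdns.org:1604", "nibiru33.duckdns.org:1604"],
    "mutex": "DC_MUTEX-QE733CL",
    "install_path": r"MSDCSC\Audio Realtek Driver.exe",
    "reg_key": "MicroUpdate",
    "persistence": True,
    "offline_keylogger": True,
}

# Illustrative, non-exhaustive list of dynamic-DNS providers (assumption).
DYNAMIC_DNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net")


def network_iocs(cfg):
    """Return (host, port, kind) for each C2 entry worth hunting or blocking.
    Loopback/private/unspecified addresses are dropped: 127.0.0.1 is the
    builder's local-test entry, not a remote controller, and blocking it is noise."""
    out = []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        try:
            ip = ipaddress.ip_address(host)
            if ip.is_loopback or ip.is_private or ip.is_unspecified:
                continue
            kind = "ip"
        except ValueError:
            kind = "dynamic-dns" if host.lower().endswith(DYNAMIC_DNS_SUFFIXES) else "domain"
        out.append((host.lower(), int(port), kind))
    return out


def host_indicators(cfg, base_dir="%APPDATA%"):
    """Host artefacts implied by the config. base_dir is an assumption: the
    report only gives the relative InstallPath."""
    return {
        "mutex": cfg["mutex"],
        "run_value": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" + cfg["reg_key"],
        "install_path": base_dir + "\\" + cfg["install_path"],
    }


# Constructed Sysmon-style events (not from the report); paths are illustrative.
SAMPLE_EVENTS = [
    r"EventID=13 TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate Details=C:\Users\victim\AppData\Roaming\MSDCSC\Audio Realtek Driver.exe",
    r"EventID=13 TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit Details=C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\MSDCSC\Audio Realtek Driver.exe",
    r"EventID=1 Image=C:\Users\victim\AppData\Roaming\MSDCSC\Audio Realtek Driver.exe ParentImage=C:\Users\victim\Downloads\03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee.exe",
    r"EventID=13 TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive Details=C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
]

FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Split a 'Key=Value Key=Value' line into a dict; values may contain spaces."""
    return dict(FIELD_RE.findall(line))


def match_events(cfg, events):
    """Flag events consistent with this config's persistence and install behaviour."""
    run_value = re.compile(r"\\CurrentVersion\\Run\\" + re.escape(cfg["reg_key"]) + r"$", re.I)
    winlogon = re.compile(r"\\Winlogon\\(UserInit|Shell)$", re.I)  # value names are an assumption
    install = cfg["install_path"].lower()
    hits = []
    for line in events:
        ev = parse_event(line)
        target = ev.get("TargetObject", "")
        if ev.get("EventID") == "13" and run_value.search(target):
            hits.append(("run_key", target))
        elif ev.get("EventID") == "13" and winlogon.search(target) and install in ev.get("Details", "").lower():
            hits.append(("winlogon", target))
        elif ev.get("EventID") == "1" and ev.get("Image", "").lower().endswith(install):
            hits.append(("dropped_exe_exec", ev["Image"]))
    return hits


if __name__ == "__main__":
    print(network_iocs(DARKCOMET_CONFIG))
    print(host_indicators(DARKCOMET_CONFIG))
    for kind, detail in match_events(DARKCOMET_CONFIG, SAMPLE_EVENTS):
        print(kind, detail)
```

The OneDrive Run value in the constructed events is there to show that the match is on the configured value name, not on any Run key write; the Winlogon check additionally requires the install path in the written data so that a legitimate UserInit change is not flagged.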
Targets
Target: 03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee
Score: 10/10
Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
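"Suspicious use of SetThreadContext" is typically raised when a process is started suspended, has code written into it, has its primary thread's context rewritten to the new entry point, and is then resumed (process hollowing / RunPE). The report does not show which process was targeted, so the API trace below is constructed, the svchost.exe target and PIDs are illustrative, and the detector is an added example, not the sandbox's own signature logic. It shows the ordering check that separates this from a debugger-style SetThreadContext with nothing written.

```python
"""Sequence detector for the hollowing pattern behind a
'Suspicious use of SetThreadContext' verdict. Added example; the trace
format and all PIDs/paths below are constructed, not from the report."""

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit

# Constructed API trace: (caller_pid, api, args).
TRACE = [
    (1000, "CreateProcessW", {"cmdline": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED, "child_pid": 1200, "thread": 7}),
    (1000, "NtUnmapViewOfSection", {"pid": 1200}),
    (1000, "VirtualAllocEx", {"pid": 1200, "size": 0x2A000}),
    (1000, "WriteProcessMemory", {"pid": 1200, "size": 0x2A000}),
    (1000, "SetThreadContext", {"thread": 7}),
    (1000, "ResumeThread", {"thread": 7}),
    # Debugger-style use: suspended child, context edit, resume, but nothing written.
    (2000, "CreateProcessW", {"cmdline": r"C:\tools\target.exe", "flags": CREATE_SUSPENDED, "child_pid": 2100, "thread": 9}),
    (2000, "SetThreadContext", {"thread": 9}),
    (2000, "ResumeThread", {"thread": 9}),
]


def find_hollowing(trace):
    """Return one finding per suspended child that was written to, then had its
    thread context rewritten, then was resumed. Order matters: a SetThreadContext
    that precedes any WriteProcessMemory into that child does not count."""
    children = {}   # child_pid -> state
    by_thread = {}  # primary thread id -> child_pid
    findings = []
    for caller, api, a in trace:
        if api == "CreateProcessW" and a.get("flags", 0) & CREATE_SUSPENDED:
            children[a["child_pid"]] = {"caller": caller, "written": False, "ctx": False, "image": a["cmdline"]}
            by_thread[a["thread"]] = a["child_pid"]
        elif api == "WriteProcessMemory" and a.get("pid") in children:
            children[a["pid"]]["written"] = True
        elif api == "SetThreadContext" and a.get("thread") in by_thread:
            st = children[by_thread[a["thread"]]]
            st["ctx"] = st["written"]  # only counts if the child was already written to
        elif api == "ResumeThread" and a.get("thread") in by_thread:
            pid = by_thread[a["thread"]]
            st = children[pid]
            if st["written"] and st["ctx"]:
                findings.append({"caller": caller, "child_pid": pid, "image": st["image"]})
    return findings


if __name__ == "__main__":
    for f in find_hollowing(TRACE):
        print(f)
```

Keying the state on the primary thread handle returned by CreateProcess is what lets the detector tie SetThreadContext and ResumeThread back to the child; real telemetry would carry handles or thread IDs rather than the small integers used here.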