General
Target: bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e
Size: 519KB
Sample: 221203-gvt9hsee3w
MD5: 0a576752b14445994e436a13e1d5f010
SHA1: ee7a1f32ac798dfbb11657e20ed240590bf6ef0b
SHA256: bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e
SHA512: 704bdf6fb715d4b9579f6331e538c2bcdbea7b3c4541a1736838a632358fcbf3ca4070f6c5840636d3746507b7172332480b8669dbd602ea10662be54947e536
SSDEEP: 12288:yiATy7mBkza8SK0Gs1QEqAXIMco0MbW4GkRklOVd4:lATh6ly1zXhcabWuklOb4
Static task: static1
Behavioral task: behavioral1
  Sample: bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: darkcomet
Botnet: HaCkeD By mrChpap'
C2: misteryou.zapto.org:1604
Mutex: DC_MUTEX-ZEHUWKF
Attributes:
  InstallPath: SVCHOST\svchost.exe
  gencode: 0onH4gcghlfP
  install: true
  offline_keylogger: true
  persistence: true
  reg_key: svchost
Targets
Target: bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
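As an added example (not part of this report and not the sandbox's own tooling), the script below turns the extracted config and the behaviour signatures above into a small matcher and runs it over sandbox-style events. The `type|detail` event format, the sample event lines, and the Winlogon value name in them are constructed assumptions; the indicator values (mutex, C2 host and port, install path, Run value name) are the ones listed in the report.

```python
"""Match the DarkComet indicators from this report against behaviour events.
Added example; the event format and sample events below are constructed."""
import re
from collections import defaultdict

# Indicators copied from the extracted config in this report.
C2_HOST = "misteryou.zapto.org"
C2_PORT = 1604
MUTEX = "DC_MUTEX-ZEHUWKF"
INSTALL_PATH = r"svchost\svchost.exe"   # InstallPath SVCHOST\svchost.exe, compared case-insensitively
RUN_VALUE = "svchost"                   # reg_key

# Registry locations behind the "Adds Run key" and "Modifies WinLogon" signatures.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\([^\\]+)$", re.IGNORECASE)
WINLOGON_RE = re.compile(r"\\CurrentVersion\\Winlogon\\", re.IGNORECASE)

# Constructed sample events, NOT taken from the sandbox run. The Winlogon value
# name (UserInit) is an assumption; the report only says Winlogon was modified.
SAMPLE_EVENTS = """\
mutex|\\Sessions\\1\\BaseNamedObjects\\DC_MUTEX-ZEHUWKF
file_write|C:\\Users\\Admin\\Documents\\SVCHOST\\svchost.exe
registry_set|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost
registry_set|HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UserInit
dns_query|misteryou.zapto.org
tcp_connect|misteryou.zapto.org:1604
api_call|SetThreadContext
tcp_connect|ctldl.windowsupdate.com:80
"""


def classify(event_type: str, detail: str):
    """Return the indicator name a single event matches, or None."""
    d = detail.strip()
    if event_type == "mutex":
        # Compare only the object name, whatever namespace prefix the logger adds.
        return "darkcomet_mutex" if d.rsplit("\\", 1)[-1] == MUTEX else None
    if event_type == "dns_query":
        return "darkcomet_c2_dns" if d.lower() == C2_HOST else None
    if event_type == "tcp_connect":
        host, _, port = d.rpartition(":")
        return "darkcomet_c2_connect" if host.lower() == C2_HOST and port == str(C2_PORT) else None
    if event_type == "file_write":
        return "darkcomet_install_path" if d.lower().endswith("\\" + INSTALL_PATH) else None
    if event_type == "registry_set":
        m = RUN_KEY_RE.search(d)
        if m and m.group(1).lower() == RUN_VALUE:
            return "run_key_persistence"
        if WINLOGON_RE.search(d):
            return "winlogon_persistence"
        return None
    if event_type == "api_call" and d == "SetThreadContext":
        # Consistent with thread-context injection, but not proof of it on its own.
        return "setthreadcontext"
    return None


def match_events(log: str) -> dict:
    """Group matching event details by indicator name. Lines are '<type>|<detail>'."""
    hits = defaultdict(list)
    for line in log.splitlines():
        if "|" not in line:
            continue
        etype, detail = line.split("|", 1)
        name = classify(etype.strip(), detail)
        if name:
            hits[name].append(detail.strip())
    return dict(hits)


def verdict(hits: dict) -> str:
    """Family-specific indicators (mutex, C2, install path) are needed for a
    'darkcomet' verdict; generic persistence or API use alone is only 'suspicious'."""
    family = {"darkcomet_mutex", "darkcomet_c2_dns", "darkcomet_c2_connect",
              "darkcomet_install_path"}
    if family & hits.keys():
        return "darkcomet"
    return "suspicious" if hits else "clean"


if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS)
    for name, details in sorted(found.items()):
        print(f"{name}: {details}")
    print("verdict:", verdict(found))
```

The verdict logic is deliberately conservative: a Run value named `svchost` or a write under Winlogon is worth flagging on its own, but only the mutex, the C2 endpoint and the install path tie the activity to this particular DarkComet build, so those are the ones that should drive a family attribution. Host names for the C2 are compared exactly; if a dynamic-DNS host is reassigned, the port and mutex still hold.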