General
-
Target
c4648dcf38c8be2bd5014fb81c55fb5c29da969ebdea8bee8831c273a966657d
-
Size
955KB
-
Sample
221203-qxtv7shf7v
-
MD5
3aba0561bac692088a8124497b10bcc7
-
SHA1
d4bd0472181a1fd571b4524208bc10da22901b80
-
SHA256
c4648dcf38c8be2bd5014fb81c55fb5c29da969ebdea8bee8831c273a966657d
-
SHA512
844d49380b6c47f0295f33d2282aa9b0d877b5bea990a45c05530ef314bf0d7d060d4587895db944e4ca2688ea492d9863d96cf9bb19cb07a511fa88d7731a86
-
SSDEEP
24576:rdUvg0chwTjvBIvwaZQJniuL9W0pesrdc4jvU:rpKGoayZtd5nD
Static task
static1
Behavioral task
behavioral1
Sample
c4648dcf38c8be2bd5014fb81c55fb5c29da969ebdea8bee8831c273a966657d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c4648dcf38c8be2bd5014fb81c55fb5c29da969ebdea8bee8831c273a966657d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
Guest16
darkcomet-reborn.no-ip.org:80
DC_MUTEX-F54S21D
-
gencode
V7o8b6zx0d0d
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Target
c4648dcf38c8be2bd5014fb81c55fb5c29da969ebdea8bee8831c273a966657d
-
Score
10/10
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-