General
-
Target
e301cc5de70d8cc55ac87de0f7f974860090b20bf895f7440515e0d6ed65024e
-
Size
1.1MB
-
Sample
221204-qwcwasgh6x
-
MD5
16c166c342b404f53ae55d2cd94c77d8
-
SHA1
737724c13d73370cdb59a8212df05086a7695c2f
-
SHA256
e301cc5de70d8cc55ac87de0f7f974860090b20bf895f7440515e0d6ed65024e
-
SHA512
0a42ac58f0ac200eafa01d766bce952e846d0d3f4a6b13cec561d34e1dbd91dfd883c5f453b3651ea8659956d473e798f8ec2a89e02c33ad655ed0a56df68477
-
SSDEEP
12288:e4qEIfvSlllU+PybF1vnamsSyhMkJ4/xBK3q5Dbcc3TeUTfMvS+dCzYB4Pu/VudO:LdhphChyUD/VoFnVmH5fg
Static task
static1
Behavioral task
behavioral1
Sample
e301cc5de70d8cc55ac87de0f7f974860090b20bf895f7440515e0d6ed65024e.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
Zombie
dylberts.no-ip.org:1604
DC_MUTEX-42UDWEK
-
gencode
jSplwxG3dXQW
-
install
false
-
offline_keylogger
true
-
password
hooch5
-
persistence
false
Targets
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-