General
Target: 4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b
Size: 922KB
Sample: 221206-2vkejaee7v
MD5: 012318a76ded2c3f07bc87951161e230
SHA1: 36b461903b381fd4c9d411dd9ba2de6f447f0c02
SHA256: 4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b
SHA512: 7335849867e421fdf1ea669faeb36e6cbfe43eea369fbb494254634557c2a8c62dcc8e1d209d3b7ee7aa978b2aac2ec9bc7caab61bb290ab421d128fcf78f40c
SSDEEP: 24576:FRmJkcoQricOIQxiZY1/a3c9gEsKvNyG/dT:KJZoQrbTFZY1/aMfvzFT
Static task: static1
Behavioral task: behavioral1
Sample: 4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: darkcomet
Campaign ID: Zombie
C2: crypto.zapto.org:10000
Mutex: DC_MUTEX-17A0K8Q
gencode: d1zglQGL3Wry
install: false
offline_keylogger: true
persistence: false
Targets
Target: 4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b (hashes as listed under General above)
Score: 10/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext