darkcomet

Sharing

Copy URL

Twitter E-mail

General

Target

bd2.rar
Size

5MB
Sample

230911-ljdvlsfb99
MD5

bba9c480da6eb9ebc5d23efd34f35e17
SHA1

5123a56734160e1640a1de53f9ccbafab181cdc5
SHA256

819271f36a9c832d4c3f60cbb67f2edff06b9fc9942236764f5e0a0e55deb4f7
SHA512

b85e4aa2c8245173755315734c29b3d09a2ede776ad8c15a1b511ae2a556013bcbd4fc9cdb07248409d50869dc8b8c3af76913b9b84060212f0d28a32e8ad620
SSDEEP

98304:sBXmSYF6pPcnI830zfSAwuWnCxN9DXIKg231ubLrLR1lAow6z755X2tsMfAlo+uq:v9LI2gfJdWwlIMsL3R1qoHzbX2bOovxA

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

LOL

192.168.0.2:1337

Mutex

DC_MUTEX-3ETK55Y

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
K8XEPUuvqdYt
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  0576f333cc9fc894b7959f1a43f135d77f7ed09af8d8943dc9ce4425256e5d73
- Size
  
  103KB
- MD5
  
  cd5ef7d6f8cedddb4c7c25bef86e08ff
- SHA1
  
  61b1110b76ba975b0c8fefebcd55bf4a66c7a1e7
- SHA256
  
  0576f333cc9fc894b7959f1a43f135d77f7ed09af8d8943dc9ce4425256e5d73
- SHA512
  
  1026559066adeeffa26d1e52f8acde5df0827a0cf13b16519fa09bc51147c212e5a5b91b4693e8d6311aeecbc681fbe772395c00e872aaa008eff6dff9215907
- SSDEEP
  
  1536:YVF7HDFwRJXJL6nIdQysymlSM8cjLFncTj:YVFHFwRJNFdvsl8cFnc
Score

1^/10
behavioral1
- Target
  
  0818868e13cd8c18824e49912fc9cb921548b3b1ff9c6540a279dabc8e45c90d
- Size
  
  893KB
- MD5
  
  711c9feebcf5cc29052663e2b0545c33
- SHA1
  
  b6aa950a670c701cae54a7f853b7b85040150595
- SHA256
  
  0818868e13cd8c18824e49912fc9cb921548b3b1ff9c6540a279dabc8e45c90d
- SHA512
  
  6355dde74a7989be3ce5f25f18108cdc709c8ac1c16797338271f2be0da6c6646a17937f8a142a31cd0a3413111c3685b583eca4dfaf983c9612e3d14454be20
- SSDEEP
  
  24576:HnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJfpd/Bz8+:HELbVMTrOq4Ttr
Score

10^/10

darkcomet lol persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral2
- Target
  
  120079a8a3d4bfb899a24f3e2cb61ad023e6fbd55f3a53b5630a8cb7a4c89c59
- Size
  
  78KB
- MD5
  
  6e09c12dd9fe2a8d6324a609561741fc
- SHA1
  
  21dcd9894b977b6eb24a5018762780e5001bc828
- SHA256
  
  120079a8a3d4bfb899a24f3e2cb61ad023e6fbd55f3a53b5630a8cb7a4c89c59
- SHA512
  
  70d07b38ab6e46df748349ad4a897f37d386c8b394d9cdb422860428db71c068ae01e746fe1787775f304f59e8af321d8c2cfd9bc8f80bd5d1847992390364cd
- SSDEEP
  
  1536:8gXtNUuCjqPpf6vlt2BDFuAT5/3Sx7Vl4r:8gXtSVjYf6vltKFuAT5/Cre
Score

1^/10
behavioral3
- Target
  
  28935ba0f5b64e4b436c5015fe619c0451c5cedabf86101f2489cb4857a942d6
- Size
  
  998KB
- MD5
  
  0f13af2cb4af0afb68edc91dd8f9b510
- SHA1
  
  a9704e9ba1b30c00eb2f5bde4d33259ad830bca4
- SHA256
  
  28935ba0f5b64e4b436c5015fe619c0451c5cedabf86101f2489cb4857a942d6
- SHA512
  
  8dd3d83f152e1e280c946af5827538f168150b72837f26224aa49f67b405b88cae24bdca00ae237169dd9aa2816e1613ecec6ccc3342bcc0b24500c5c3b11bf3
- SSDEEP
  
  24576:h7ZJHn7QmXcO5I3YoSUQmX3X1HL7CWXUJ:hNJHn8mDiIoSJmnXYWXU
Score

1^/10
behavioral4
- Target
  
  3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679
- Size
  
  41KB
- MD5
  
  901fa02ffd43de5b2d7c8c6b8c2f6a43
- SHA1
  
  8bb71adf1c418061510c40240852c3cd61fb214c
- SHA256
  
  3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679
- SHA512
  
  6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab
- SSDEEP
  
  768:fQ+il+psGX0QEohGEVZ/E2G7k14rQMRkoIQ:fxiYVjE4VZ/ZWRkoI
Score

1^/10
behavioral5
- Target
  
  4471a56b762da1f9ae70861d99c31fb58fafb2df7fb32b6de3a3eaaa0f43369a
- Size
  
  265KB
- MD5
  
  aaca1aff2296b178e55cc655174dbd58
- SHA1
  
  4ed53bc32033250b94b47b7bd28a7a3a6ff87efc
- SHA256
  
  4471a56b762da1f9ae70861d99c31fb58fafb2df7fb32b6de3a3eaaa0f43369a
- SHA512
  
  7ec3404bc5f10542bf5667fbed47c042370583d4866a88a0da9d15497ece60f66f36dd43b5ed618a65ce4b2091bd7a095e4287ba65c0d5ce0d44b14de0e08aff
- SSDEEP
  
  6144:UBWUV+ziUcC3h8W9w4oeDee9EBas3FIxbR+d+9zY7/IKabv1mtTBV2J:uWUGxQ+9EbIz1mtT8
Score

3^/10
behavioral6
- Target
  
  5658975456c070ef504d91c6513f33e368e7f299473628086885cbd47c951725
- Size
  
  531KB
- MD5
  
  6c7b364dafe0560dfb15c9b03f1b44bd
- SHA1
  
  c1afaba28a964002a9bef9da9958abf34549c6d3
- SHA256
  
  5658975456c070ef504d91c6513f33e368e7f299473628086885cbd47c951725
- SHA512
  
  b50cba2e7dfb417c38bd28687ca41588b9c8ff3356d006b2fcfd01fe02ec35e3648ab5d276e90b5b3251500dae514100fc1d14b49bb7007a3de3deb0a362cefc
- SSDEEP
  
  12288:XBtll0vt5ZhfVIYNi5lYpZfI1OMxit4rZp4KB9bN7o1T:xtGphR6OZfGMUf4KBY1
Score

1^/10
behavioral7
- Target
  
  577651d852e0486d0e52e7967aa38a34eecfba74b9d88cff9cbca7745b97f013
- Size
  
  153KB
- MD5
  
  517b0e692e1d6d1dddf851d9c5b5e74e
- SHA1
  
  f471fa02663bbaac8ce85c1984a1f806125f4a66
- SHA256
  
  577651d852e0486d0e52e7967aa38a34eecfba74b9d88cff9cbca7745b97f013
- SHA512
  
  a33063450fe8684d75c09bc7babdb7630cf2885306e6d7d4d253927e2d0ccfb97330ec62bf4bc1e5a5690cae31c88e6809371900987ba9856dad7d207e167764
- SSDEEP
  
  3072:pUkneFghZRkR9G2UxmU9/GEo+s8h7EwKjkK0EdCC7V9TPjxdZPeUCuIJF:xn8ghfkbG2qmU9jo+bYkKLdN7V9TddVc
Score

7^/10

persistence spyware stealer upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral8
- Target
  
  686a894f6c07c116a54c3668e141f62b5d3647671dd1a6caa5ab256d6ccc0402
- Size
  
  866KB
- MD5
  
  13b211ab13b5cc35023bf5f444771870
- SHA1
  
  11d6f265aa36287177f75fc12f7259562ffd1240
- SHA256
  
  686a894f6c07c116a54c3668e141f62b5d3647671dd1a6caa5ab256d6ccc0402
- SHA512
  
  e78264817d3686d963e3730bae2a152fb9c677ca793d0cb09467d50452f4686b140d21f5636844a177421014e547d08c461fdcb17774ddd739faee2d1dbce353
- SSDEEP
  
  12288:Iwze/jF/BHNDW3e9/i+xftOgHUuDfe909VAAy7htx0s+PQ3qbJsnfDbEpIr2KP:IGajrciibgND2Es6Q3q1GDgwP
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral9
- Target
  
  7260ba89a3efc9c9da22738941659387de822fd72c6459126a40fcaf434f5300
- Size
  
  10KB
- MD5
  
  a7dc79ac4a87c20a2d24a57b719ff45e
- SHA1
  
  baa6edf714df1633f7dce83e3f4f7ff59e1fb3cc
- SHA256
  
  7260ba89a3efc9c9da22738941659387de822fd72c6459126a40fcaf434f5300
- SHA512
  
  45dd665b9c9bd80a4fe74aa22c5d8b0b57a46275820c1417db72bf28ff25ab408e4875dab4955344bb525a70d00df849972b4c0bbef9337be81f576a91f48961
- SSDEEP
  
  192:c9pxn0hZICes8iTMHpR8c+TGyRuVAMsLVC:c9px0hZasL4jDyMsLI
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral10
- Target
  
  7549e6eec34d333e293e892682aef25a99a5f740e9c0bd1dbac0ba72cb174faf
- Size
  
  44KB
- MD5
  
  4c2e4a098802ed762a601d91793c6f56
- SHA1
  
  3c5a2ca12bcf6fcc2a63bbd69719b3cd01e4a6c9
- SHA256
  
  7549e6eec34d333e293e892682aef25a99a5f740e9c0bd1dbac0ba72cb174faf
- SHA512
  
  5befe6f632035891e7ba691a1120def78a2acfe21355ab223d71e03ce393f6f3bccaa4d2140d5c63ba3ca4fbce80ded9a6b7fbe3e876dd68a98775319dcb3a68
- SSDEEP
  
  768:GjcBI5Ry+U5ySh/shko9nhFvgdbr9f5MDsef79F:icmu+nkdoRhFvg9rxqTf
Score

1^/10
behavioral11
- Target
  
  8005f928bac5b920c0bc45b142d1ebff7d039cd805e7a7e5b84a687f472edf40
- Size
  
  63KB
- MD5
  
  0f55678deaca5c319c834570030a55a8
- SHA1
  
  b9bfe86fd11aff8ee2b1223cca89837cb6ffc538
- SHA256
  
  8005f928bac5b920c0bc45b142d1ebff7d039cd805e7a7e5b84a687f472edf40
- SHA512
  
  adddfcbe92d17a7dc1617c76ebac5d1bce579fad9b124046182d42d933c9d8291041b828afef750076e6d46295e350731dc7dcca5266f450d0b564230f2daab5
- SSDEEP
  
  1536:tjhXi/7djZsRMhT8XwhlYxGFgTd0mJbwzt9yrva:tjADdjoMhYXwsDTd0mtw59eva
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral12
- Target
  
  850b4213433be908bf4b06cc9fe6c6e99c4075431f708d3d6fa4191c10a412aa
- Size
  
  61KB
- MD5
  
  46e5cbf6377ae68557243414a28f7f11
- SHA1
  
  fb4722d6792f5d635a3d136a11ac3e7d02626a2c
- SHA256
  
  850b4213433be908bf4b06cc9fe6c6e99c4075431f708d3d6fa4191c10a412aa
- SHA512
  
  97896c836e85e19a4cd481fadcb01dc030a3891c6d6451fdb26e9599d2ba4c4e5c7571aa44e99f181ffc784309bcc5a5e8db2dd144cc91f589d084317f2f6fe8
- SSDEEP
  
  1536:ZgUryYbOtlmR5rwLlLYjqzwKdgg7gRYkiK08:ZgUrZOtSZwZLYkrdgg0t
Score

7^/10

aspackv2
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral13
- Target
  
  8967240c55a6aeb49447b18b8b8c17002aab4d2dcb6b6a54c597c4c89761bae6
- Size
  
  93KB
- MD5
  
  a90910da6970ea2900cd0d12feec6970
- SHA1
  
  51d70e45496fb3706c9d7b218f5c5e8d0b7c7fd2
- SHA256
  
  8967240c55a6aeb49447b18b8b8c17002aab4d2dcb6b6a54c597c4c89761bae6
- SHA512
  
  65bf588eac302c06da7110be761685f1498b35723a6e6a822db9e6000055ef4ace4df5452cd23e5703e1d40340707c8ed539c946b60008bcfd65e66ab1d8a935
- SSDEEP
  
  1536:TDcgZBhcsWjmZBk5IzdoOo6YGc1g3X+Yi9nAlxpaB7:Pc0Dcs4MBk5I5c1sLi9nATpaB7
Score

1^/10
behavioral14
- Target
  
  931c994cb6d01bb1f15c92f371b06615b38cb012b5aff8f04fb1895c1def4c6a
- Size
  
  162KB
- MD5
  
  e6e17a51bfe1047b179df361764ba4ad
- SHA1
  
  6de42ff27076bcf20591b21e466fbedd3726f8ce
- SHA256
  
  931c994cb6d01bb1f15c92f371b06615b38cb012b5aff8f04fb1895c1def4c6a
- SHA512
  
  f3e1d420ca077928b44faccde89af28631dfa8818e4191f9bcc033d3fb9ef4ef5068584fc9d0c6b5e2ed407c32b2cb3b7577556fe1588691636b1349a8fbf4eb
- SSDEEP
  
  3072:l0dT1kiRoVK5mlwSUh9FRrQT+ETK0svywsQg1HS/l:NiRKKg6Dh/RrozstsQ6HS/l
Score

5^/10
- Drops file in System32 directory
behavioral15
- Target
  
  95d30c863f4ce23c6281359606ca6a3ea2011d85f04c2fdb370cfd986d154c3d
- Size
  
  26KB
- MD5
  
  01b450b399954b77c3e48a2661e40750
- SHA1
  
  c79c9559572a88f19137ac97af290dee7a1361f7
- SHA256
  
  95d30c863f4ce23c6281359606ca6a3ea2011d85f04c2fdb370cfd986d154c3d
- SHA512
  
  079df990d03a5b8e42457aac93d038d153acbc764203910f870c650f4222d2f146b65d9b13d7f46e28a8a85d4eb6744863122a45db0ff92031af38da6203aac6
- SSDEEP
  
  768:QZJ2nn4nfpuH/JupHrkgtaA4nr/h6m3TSyERTX:IJ2nnaqk2/1kX
Score

3^/10
behavioral16
- Target
  
  987114cfeb4c661c41102d92f44081abcaa55770d8b77b277c76ff1c22e6f849
- Size
  
  2MB
- MD5
  
  bf28e4146684be112faa0ff55fe000fd
- SHA1
  
  fc3e26f964e0b5681120b7aadbd3847547c502cc
- SHA256
  
  987114cfeb4c661c41102d92f44081abcaa55770d8b77b277c76ff1c22e6f849
- SHA512
  
  9b2e84c605aca657add172b239fbe39aff9fb54d6add656b0ff359df42eb81bef70d75f1de865674f2c407fe469b446ac547d86a42e190388572386cf9be9262
- SSDEEP
  
  24576:+q72qInevH2GqcBrDxTcqtuGQvGHsW408v/3BiibX6XPODylsp605ndPPNZNfNNl:rxMcdOqk/Y941XHMM6cP
Score

1^/10
behavioral17
- Target
  
  990869d8202adae2536d9a853a90310cdcfccb806dba2e7797adff19bb734b7a
- Size
  
  288KB
- MD5
  
  a7cb9b495f4cfc30bcc19535bba42636
- SHA1
  
  76a881374b90623db90154c43837915d6f2e6c2b
- SHA256
  
  990869d8202adae2536d9a853a90310cdcfccb806dba2e7797adff19bb734b7a
- SHA512
  
  ed8c8fb16ee056e7d0ea427a7ca5d956226e464e0feca3983a94c477a8beaff19e8b192e19da8c84e094a5875f225b5362266f07146f5c663b86a6d2cf016680
- SSDEEP
  
  3072:hJtC0ELX1kMj0v+WSoWGd6Ta0DbcKyy6QtYoh:hJNo
Score

1^/10
behavioral18
- Target
  
  a039ede21307440d265d68fd2487a374308ccfbe9e080ebae52ddf05716cf63e
- Size
  
  205KB
- MD5
  
  27c6ae598a0a05d1aebcca7706944c0a
- SHA1
  
  bf8276c1ad6d338dd18d1a1599d41df428295508
- SHA256
  
  a039ede21307440d265d68fd2487a374308ccfbe9e080ebae52ddf05716cf63e
- SHA512
  
  ce2d9ab10c587f96025e0b8636564fe89734f8705360f9ad905ad20bc5fb9d46ae4584aa8ca0a647f945c5f9b6a4df925c0cd8eff9be57300a28c10e527641ba
- SSDEEP
  
  3072:J5KUXypem0eVOKoeZR/7SfO6BKexrcrkENBTJckPYi9VXtua4Sd4sfaaP5CY1tdx:JE5e0ZRj96BKIrykEjukR9VXB4OHp71t
Score

1^/10
behavioral19
- Target
  
  a5536add6e13320c23ccc5b650806756947a24847c6972ef32539c51f0bf36cc
- Size
  
  401KB
- MD5
  
  cd31d9cfddee7e523382f78a77df3b1b
- SHA1
  
  14b64ad4bf4a56750b3a1869312ee03d5809f995
- SHA256
  
  a5536add6e13320c23ccc5b650806756947a24847c6972ef32539c51f0bf36cc
- SHA512
  
  9065ed108f532688e369cbef0d38510d5098aa90b93c6bb5203de5fcb145810c27bd883752d06ed1b3b946b7a7fa44769a3334fd0afe2e418c2fc7f3a5cdeba2
- SSDEEP
  
  6144:0YIWzNQTFWq2p7/mjBqlNFOqLSHQujEjNLBMHxFIDsfVBRL4hBPd3:MWzNQFWqUijBqlaASHqBMRqDsjBg
Score

7^/10

persistence
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral20
- Target
  
  aa04e261834e78ccb269871aaa9850f5631e7b91a1d6271632af8ce1b8440a60
- Size
  
  284KB
- MD5
  
  25c3b399a82a0a335104b5d80729bd86
- SHA1
  
  2caf98553c794c8702e667cfaee7bc4bbcc6c8ab
- SHA256
  
  aa04e261834e78ccb269871aaa9850f5631e7b91a1d6271632af8ce1b8440a60
- SHA512
  
  85071b1a0668f2eefa55e7e5cba4286352c976fce4b5e5be530fd2a7998ef932e76cc8eed231a2f675cf6126aad5b905f8110ae2a6871f280e7591a33470bf12
- SSDEEP
  
  3072:y1qd5hNAzbypJpTqkXeGjOXWGGxCJwdaDF2YKEtgWzjZ:yAmbypJpTqkXeGjOXWpNYKE5
Score

3^/10
behavioral21
- Target
  
  ac9b824d49b552efb18de1c8b1e2e27f8482c2036dbadf250ec4c347fb1909e6
- Size
  
  366KB
- MD5
  
  d378da3d0bb22ff74441c5bc4e173254
- SHA1
  
  b01c0b81679a7d39e624174e8c18c200621be647
- SHA256
  
  ac9b824d49b552efb18de1c8b1e2e27f8482c2036dbadf250ec4c347fb1909e6
- SHA512
  
  4c948f449290d7aed36e0dd487d04bc8ff6832a3aadeaadbac8b3b65c4230a060da8ac4934e13486b4f5d7623f922163e483645107801d92d439cdd4ee807873
- SSDEEP
  
  6144:Wz/qJ2K36BAfMInvWK3j1Vcm/msee9FvoGrGIvpG+CSt1Zk36cy:YyJ2KoAJvW6j48ee9FoXf+CSt1qqr
Score

1^/10
behavioral22
- Target
  
  acfff3b6ef085062220a4c562af3c169bc1dc6c9624061705ebf167666fec1f5
- Size
  
  32KB
- MD5
  
  fd1c60aeecef100671da032e86a93db8
- SHA1
  
  50a6073d2f536d72a2249725934d406c03239bf9
- SHA256
  
  acfff3b6ef085062220a4c562af3c169bc1dc6c9624061705ebf167666fec1f5
- SHA512
  
  738c5840cb75d829035ac37409fe8bb5a016bb4d36d87fc1c79812a6f0ad080d9c2aec96a6dbcea85fd5591e5c7ae6cb7e8270a0da43b6856e364af346d58204
- SSDEEP
  
  384:VfODpXShriC6bDMDXIi7GiXyKKFcH+AOJTAvV9SaaDpX:VfODRShZ6boDXhGayKLHfcYsaaDR
Score

1^/10
behavioral23
- Target
  
  ad63b5e098762eceb320f1d0bccd26efc807f4263425beab326580d372d7a90d
- Size
  
  31KB
- MD5
  
  0f9f4c9b4d6bc38fcac908e35020fed0
- SHA1
  
  5b3a2ba82ada91d66b073374349da36324b68cc4
- SHA256
  
  ad63b5e098762eceb320f1d0bccd26efc807f4263425beab326580d372d7a90d
- SHA512
  
  7446259d84ceb6433a16a455d2b70f2babc3586e50831c37665295a510a275616a6a037df23bed9fafb4bd15b487fbdeb6e9e0847a53d22f28bf77802baf21b4
- SSDEEP
  
  384:B6Vdo4bZsgQ2y4sI4qpz/UJE5h4wKNaxH732bpg19pCK2532lDmtjF3uC026Ur9K:0jb62y4sI5VU4h4aH7mdsgA4t902JBK
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral24
- Target
  
  b6f89bb321aaa480c0abdb4adf70171fb3faa9cea05c3b79c926aba2a705ac71
- Size
  
  168KB
- MD5
  
  fa20cbb490be565f9aee5bc4755ae294
- SHA1
  
  269bcca85d9e26fe9e10dc646051a77a78d41398
- SHA256
  
  b6f89bb321aaa480c0abdb4adf70171fb3faa9cea05c3b79c926aba2a705ac71
- SHA512
  
  6136f90e829194d6c1a5b381a3336471ddacc616ac9330640c0371d24b52c5000da8672eeccabf901fc9d1509eed78b2b1b05d2f96fc57ca4e6d5b7c41aaed17
- SSDEEP
  
  3072:zi4iiiYiiiiiiiiiii3iiiiiiiiiiiBArGGgr6JGeHWMCAroXha91anvAvR8H8ZU:SEBNQZtscqk
Score

1^/10
behavioral25
- Target
  
  b72681efae1357d76e3f81c248754ec7f554c3d6aa17d2655c2d2b615f45bb01
- Size
  
  49KB
- MD5
  
  fc3dc4448acf7b496e235bd819faec94
- SHA1
  
  692dd29021434b537f281a6a1712381bb3fd4b16
- SHA256
  
  b72681efae1357d76e3f81c248754ec7f554c3d6aa17d2655c2d2b615f45bb01
- SHA512
  
  6419f6fe0eaf32eb9f2b12fb866134b5d5482e961b7ed6ef35bffa800a1dc09022f115f522d89dcc03ee4ca6ed1ff9261c0bf509f2c6ad0d31a4b63ec82a8189
- SSDEEP
  
  1536:asRgNYdaOLijTlUnoY/2et4RO09XsgHX/NgM:asKNUaj5ib9SZ+
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral26
- Target
  
  b76abee85e155bccce852abb79fea7dfe7a2d283a2ad5b15f9e16785832886f3
- Size
  
  116KB
- MD5
  
  283319caafd30aea58912fb673916bdd
- SHA1
  
  18380dc09da9413171db980754b5b1deef61fd4a
- SHA256
  
  b76abee85e155bccce852abb79fea7dfe7a2d283a2ad5b15f9e16785832886f3
- SHA512
  
  470c6a835cf3db5074399c699f434cd9689b70fc7b987dcb55953810c44a2d513f4d81b3f49284251bc8a953e15c007110e12f1b3d1d9553aa8fa004a6efd12d
- SSDEEP
  
  3072:1/nbYtf7NC1uC1I/CLdwsDPa/x5JnTkEPd:dbYe1uC1I/CLdwsDPa/x5JnTkEPd
Score

3^/10
behavioral27
- Target
  
  bd43f4855ee6cca18747c1b801ee25014f7b341e55f75733d3bdbd25e78594c8
- Size
  
  264KB
- MD5
  
  248114ebd07e3ae252f57bc836d09b20
- SHA1
  
  76ac709326d86158446dc31bdfb1c231fad44afe
- SHA256
  
  bd43f4855ee6cca18747c1b801ee25014f7b341e55f75733d3bdbd25e78594c8
- SHA512
  
  d7594d8811a96f772e035215aa8db3db1829aa022ee1068dcb4744247717980efe75a650a672ff2ea4b27f4ddfe8755c43a4d893430f1ae05d1ba1ed16526880
- SSDEEP
  
  6144:Ou1ZDKQqL5FCS2ZRak2IIOOe27/w4hHPw70M:D1Zml/LIIOOO4ZPs
Score

1^/10
behavioral28
- Target
  
  beb65a98d5f904bda0591ead5e0f99675a51540c7e563546914a52ee86a81710
- Size
  
  140KB
- MD5
  
  ad3e543ab72d728e8c120595aa2b7258
- SHA1
  
  825ddb9c5e24eba60cae65ec9528e8e2223fa3af
- SHA256
  
  beb65a98d5f904bda0591ead5e0f99675a51540c7e563546914a52ee86a81710
- SHA512
  
  3a8776c165cd8562dbb27be324acbe23fbb58f140892d3c4ce6bc92734ff3e9f4d5013be8db53da7bd47471f6bd3b710ffeabdebe9afe15034675ea8ee40e90a
- SSDEEP
  
  1536:MjRoq6Fqoblo4TBZ+YGjwl9sKa5Yo9vOv/GD4A8A7DjPNZdVDlT:MkbjBPGjwlE5Y9v/GD4M7DRZdv
Score

1^/10
behavioral29
- Target
  
  bfa5ec75aa2f5382b1d5738171d5b078ff03c3e8402b3ead1a860bc41526e1c4
- Size
  
  1MB
- MD5
  
  d5ca5097af0b0611e0cda7ff77dabac0
- SHA1
  
  b9ada42df93d7144c0300b4812417999f55af56b
- SHA256
  
  bfa5ec75aa2f5382b1d5738171d5b078ff03c3e8402b3ead1a860bc41526e1c4
- SHA512
  
  d43be8d391b3b7c6e3ea869c1138d5ed0b4088242b978d34e32d9cac511a8a000323da7c550b837da7adc850b05e029296a7fcffbec1f02b0ad5004d07180a18
- SSDEEP
  
  3072:rqxq9NYVbicb/M4EnDy18LHk+VjHCQqlmpcwZBtsqux+mKGg5Po8rqGsPYaCHIpN:ewxxH10JgU
Score

5^/10
- Suspicious use of SetThreadContext
behavioral30
- Target
  
  c0453430d78e62af642dc53c38bee695d6d5cc4f2d83f882502b0eb57b372e6a
- Size
  
  936KB
- MD5
  
  6b7733099562e1d827cfbdb39f768090
- SHA1
  
  dc2aa0fefb7b75ad47bfb25c4f3cc8813fd9ba9d
- SHA256
  
  c0453430d78e62af642dc53c38bee695d6d5cc4f2d83f882502b0eb57b372e6a
- SHA512
  
  f757fa154bc7d19be683594c5960d93fa5d518cc82f29229f81930cae2f2ea7f0b269d6768a781dc9cf8630c18475d7099ad96a74158cd0100851038ecbde6ab
- SSDEEP
  
  12288:gWGnUMoabkcD9fNN1oXk+aiptW5v9edN1gFAbdYd0wCUKbnaKFTrSGWtJT2aswIw:gtnUZkrPv+qI+sUKbn5TOGocanN
Score

8^/10
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral31
- Target
  
  c715f6507e52e078f55310f4ddcf3922d7d94ec26307179a9f256a68abaa9d60
- Size
  
  84KB
- MD5
  
  af38a9ae5ce15f7d69f8041e9bf72573
- SHA1
  
  7f4f016df7d5394915b33d5978897d22c3f45e83
- SHA256
  
  c715f6507e52e078f55310f4ddcf3922d7d94ec26307179a9f256a68abaa9d60
- SHA512
  
  626bf3dcc90ae7794131caa646b1b7df41f6c50f170cb3b326f4be27fa14ab6428ced2396a672ebc1c1790418735cfb67932b58e564470d0781b6258128e5b03
- SSDEEP
  
  1536:CBkruH/KslrUxuC7atplwpxde4dckGZu4wkLKsKnzDT4ez1/tZK2/0g4cSDl:Uk6fKqltplwpre05GZ1KsizX421/22MB
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral32