General
Target: 515c8739e2d50564c66b44bee231a44e
Size: 864KB
Sample: 231226-eadd6ahbfn
MD5: 515c8739e2d50564c66b44bee231a44e
SHA1: 80e84ad7c09a2ea07da7a58bd5eb6190e9770d75
SHA256: 37e14b6407dd954e97c9aa70b7ef6a1507bda4a1037bcda79a72fd20d7602576
SHA512: 8ee33724d97c9b29e9777ddf10b2e44384597e6488682f6c64604ff82b2c799f485d6cb24109f842f10f2a82f1b2f45e6a05c91e2581cd724cfb09cbcb3f0801
SSDEEP: 12288:tQqzctd6LDEjG9EP4ORTarqSBJVIjlVOeMfPA9gwJP24HMvC1IDoiEo:SL69lOlaX6jXtMQ9hJP24HMwsr/
Static task: static1
Behavioral task: behavioral1
Sample: 515c8739e2d50564c66b44bee231a44e.exe
Resource: win7-20231215-en
Malware Config
Extracted
darkcomet
Slave
vasilisth.no-ip.org:6106
vasilisth.no-ip.org:6061
steamc.servegame.com:6061
steamc.servegame.com:6106
steamc.servegame.com:4445
vasilisth.no-ip.org:4445
MicrosofWindowsXPVis778Mutx
gencode: q5JNtHnx4Yyq
install: false
offline_keylogger: true
password: hacker100~
persistence: false
Targets
Drops startup file
Uses the VBS compiler for execution
Drops desktop.ini file(s)
Suspicious use of SetThreadContext