General
-
Target
3fa712fa1f5fd57eeceaadfe61e4caa9
-
Size
691KB
-
Sample
240104-ctl5asheb9
-
MD5
3fa712fa1f5fd57eeceaadfe61e4caa9
-
SHA1
2c34c4c3ee37493af7e130023c69dbc6829b0cff
-
SHA256
4055f66b00029901a2c4d135c126185bbabf7393e06e24b4fbc183cfce4406ec
-
SHA512
b8ef4a5f96ca3f99e2acb15f7e0d70b3d0e1a9f02875a6c15df760ef934a4589a04db7e409f359d594d579df4bf57cca75d5b66f61fbfb99704e42f98063eb9d
-
SSDEEP
12288:wxeC6+2dW+m5XwneFYCMFY7vEwYadHT/VGyE4Q661qlVoULVsBu:kQ8we/AYiadHMa61qlVsU
Static task
static1
Behavioral task
behavioral1
Sample
3fa712fa1f5fd57eeceaadfe61e4caa9.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
3fa712fa1f5fd57eeceaadfe61e4caa9.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
darkcomet
Slaves
ratrololol.no-ip.biz:1604
DC_MUTEX-4TN56C8
-
gencode
eoH57CKDnAQ1
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
3fa712fa1f5fd57eeceaadfe61e4caa9
-
Size
691KB
-
MD5
3fa712fa1f5fd57eeceaadfe61e4caa9
-
SHA1
2c34c4c3ee37493af7e130023c69dbc6829b0cff
-
SHA256
4055f66b00029901a2c4d135c126185bbabf7393e06e24b4fbc183cfce4406ec
-
SHA512
b8ef4a5f96ca3f99e2acb15f7e0d70b3d0e1a9f02875a6c15df760ef934a4589a04db7e409f359d594d579df4bf57cca75d5b66f61fbfb99704e42f98063eb9d
-
SSDEEP
12288:wxeC6+2dW+m5XwneFYCMFY7vEwYadHT/VGyE4Q661qlVoULVsBu:kQ8we/AYiadHMa61qlVsU
Score10/10-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-