General
-
Target
HELLO.exe
-
Size
232KB
-
Sample
240331-r8efbsdg5x
-
MD5
3d44b09f3692fbb7e048e1168c001cba
-
SHA1
e4782b1348431efe4c89d0340fe23ab81bc0a3f7
-
SHA256
338f5bb747c33ad50cad75c3facd2f3103ce294a608666635d0b66a6ad2ce12c
-
SHA512
7b4824d0243ce546ebe607d519494a7780422e1f693aff8b82a122dd004d157524cc3e58a39c3ee9cfb61e8b40ae0b6cff593776b05d6956f7479c6e20692392
-
SSDEEP
6144:djFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMroS:ZFy9bPQZlFjrG0ZmYbw+oS
Behavioral task
behavioral1
Sample
HELLO.exe
Resource
win10-20240221-en
Malware Config
Extracted
darkcomet
Guest16_min
lightttt.ddns.net:1604
DCMIN_MUTEX-BJLBQY4
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
u03TbGe5ctBh
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
HELLO.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Adds Run key to start application
-