General
-
Target
ba1e42b0fc454c041dd89ab04d9615c0N.exe
-
Size
324KB
-
Sample
240731-qenlgavcmr
-
MD5
ba1e42b0fc454c041dd89ab04d9615c0
-
SHA1
6c1f08e8818f4f11cbd145ca6d159b20a87b9091
-
SHA256
40df0baf051090f518f217c285992c7ce6c432b6989412ae6ef512ab8fc29b70
-
SHA512
646800af399c03154a2c7add396687745064e99e677f4ca88e27e62559c6e9cf319c39257b695661da0c27d265204b7309cdfb4d680cfb7f54b7b5ea0aaffdbb
-
SSDEEP
6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA
Static task
static1
Behavioral task
behavioral1
Sample
ba1e42b0fc454c041dd89ab04d9615c0N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ba1e42b0fc454c041dd89ab04d9615c0N.exe
Resource
win10v2004-20240730-en
Malware Config
Extracted
darkcomet
Guest16
betclock.zapto.org:35000
DC_MUTEX-LCQCVNZ
-
gencode
MGDU5FhLNYez
-
install
false
-
offline_keylogger
true
-
password
0123456789
-
persistence
false
Targets
-
Target
ba1e42b0fc454c041dd89ab04d9615c0N.exe
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-