General
-
Target
f4ea9fff1bf1a064e7101035b0dd4e6a3c6b7b1ce2c88e569fb653a34f63d967N
-
Size
520KB
-
Sample
241017-t5s6esxhpn
-
MD5
fd70e2db35cfb4f56df1dd49f0846190
-
SHA1
3c398665ec66a57c213d82ffb53c41cc6574007c
-
SHA256
f4ea9fff1bf1a064e7101035b0dd4e6a3c6b7b1ce2c88e569fb653a34f63d967
-
SHA512
edad6a9a96075f8eaf672373617876ae79911fb55ee311864e7556d4f12de038e0da879c91f37ecdff7e18db48e56ecec94d4c5c607b190d817c0746b452b217
-
SSDEEP
6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbF:f9fC3hh29Ya77A90aFtDfT5IMbF
Static task
static1
Behavioral task
behavioral1
Sample
f4ea9fff1bf1a064e7101035b0dd4e6a3c6b7b1ce2c88e569fb653a34f63d967N.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcomet
PrivateEye
ratblackshades.no-ip.biz:1604
DC_MUTEX-ACC1R98
-
gencode
8GG5LVVGljSF
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
f4ea9fff1bf1a064e7101035b0dd4e6a3c6b7b1ce2c88e569fb653a34f63d967N
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-