General

Target: SolaraBETA.exe
Size: 726KB
Sample: 240621-nqwecasaln
MD5: 4e1596a62d16da74891e32ce35504e32
SHA1: 575f028368cc2126850889fdb08a5533d43256ac
SHA256: b0bc11ed599ee0020aada24b7c60d8ae7d2a6cf14e57930ed350ca7418c5b944
SHA512: ed4329e4be047bd76f0eead7ff44ad7e4aca6ce03448e2bb951a7b82d5662d3a6eefc135a1b6bf1c655f24b18fa7b4636220c29587edf3a2eaddd588b6139cc0
SSDEEP: 12288:S4HXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy45h:SOnAw2WWeFcfbP9VPSPMTSPL/rWvzq4R
Malware Config

Extracted family: darkcomet
Campaign/server ID: Guest16
C2: carolina-reverse.gl.at.ply.gg:34609
Mutex: DC_MUTEX-JRUP3DU
gencode: czMBApdJTvqd
install: false
offline_keylogger: true
persistence: false

Reading the flags: "Guest16" is the DarkComet builder's default server ID, so this build was not given a custom campaign name. The C2 is a *.ply.gg hostname, i.e. a playit.gg tunnel endpoint that relays to the operator's machine, which is what makes this sample match the "Legitimate hosting services abused" signature under Targets. With install and persistence both false, the RAT is configured to run in place without copying itself or registering for startup, so on a live host the mutex name and the outbound connection to port 34609 are the artifacts to hunt for rather than a dropped copy or a Run key. offline_keylogger true means keystrokes are written to a local log even while the C2 is unreachable.
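The following is an added example, not Triage's own code or output: it turns the extracted config and the hashes listed under General into a set of IOCs and verifies an arbitrary local file against those hashes. The tunnel-domain list (only ply.gg) and the field names used for the config dictionary are assumptions made for this example; the hash, C2, mutex and flag values are copied from the report.

```python
# Added example (not from the Triage report): IOC extraction and hash
# verification for the DarkComet config shown above.
import hashlib
from typing import Dict, Tuple

# Values copied from the report above.
EXPECTED_HASHES = {
    "md5": "4e1596a62d16da74891e32ce35504e32",
    "sha1": "575f028368cc2126850889fdb08a5533d43256ac",
    "sha256": "b0bc11ed599ee0020aada24b7c60d8ae7d2a6cf14e57930ed350ca7418c5b944",
    "sha512": "ed4329e4be047bd76f0eead7ff44ad7e4aca6ce03448e2bb951a7b82d5662d3a6eefc135a1b6bf1c655f24b18fa7b4636220c29587edf3a2eaddd588b6139cc0",
}
# Field names here are this example's own; values are from the report.
DARKCOMET_CONFIG = {
    "campaign_id": "Guest16",
    "c2": "carolina-reverse.gl.at.ply.gg:34609",
    "mutex": "DC_MUTEX-JRUP3DU",
    "gencode": "czMBApdJTvqd",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}
# Assumption: suffixes of tunnelling/relay services an operator can point at
# a home machine. ply.gg is the playit.gg tunnel domain used by this sample.
TUNNEL_SUFFIXES = (".ply.gg",)


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split 'host:port' and validate the port; raise ValueError on junk."""
    host, sep, port_s = c2.rpartition(":")
    if not sep or not host:
        raise ValueError(f"no port in C2 string: {c2!r}")
    port = int(port_s)  # ValueError if the port is not numeric
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return host.lower(), port


def is_tunnel_host(host: str) -> bool:
    """True if the host sits under a known tunnel/relay service domain."""
    host = host.lower().rstrip(".")
    return any(host == s[1:] or host.endswith(s) for s in TUNNEL_SUFFIXES)


def hashes_of(data: bytes) -> Dict[str, str]:
    """Hex digests of data for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in EXPECTED_HASHES}


def verify_hashes(data: bytes, expected: Dict[str, str] = EXPECTED_HASHES) -> Dict[str, bool]:
    """Per-algorithm match of data against expected digests (case-insensitive)."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest.lower()
            for alg, digest in expected.items()}


def build_iocs(config=DARKCOMET_CONFIG, hashes=EXPECTED_HASHES) -> Dict[str, object]:
    """Flatten config and hashes into the fields a blocklist or hunt query needs."""
    host, port = parse_c2(config["c2"])
    return {
        "family": "darkcomet",
        "campaign_id": config["campaign_id"],
        "c2_host": host,
        "c2_port": port,
        "c2_is_tunnel": is_tunnel_host(host),
        "mutex": config["mutex"],
        "hashes": dict(hashes),
        # install/persistence both false: hunt the mutex and the live C2
        # connection, not startup keys or a dropped copy.
        "persists": bool(config["install"] or config["persistence"]),
    }


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(build_iocs(), indent=2))
    if len(sys.argv) > 1:  # optional: path to a file to check against the report
        with open(sys.argv[1], "rb") as fh:
            print(verify_hashes(fh.read()))
```

Run it with a file path to compare that file's digests with the report; without arguments it just prints the IOC set. The `persists` flag is derived from the two config booleans so that a hunt query built from the output looks for the right class of artifact.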
Targets

Target: SolaraBETA.exe (726KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)

Signatures:
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext (the API used to redirect a thread's execution, as in process hollowing and thread hijacking)