General
Target: lab_samples.zip
Size: 1.6MB
Sample: 240628-njn2paxalh
MD5: 707717e0811f03c3713616ab9354ae9f
SHA1: 7b8ee97f65075ecd800381642bcbca4515a61cec
SHA256: 596263884d5474c2d3bb01238718eb30ce2c8539c99f66fa26b92171c6786c26
SHA512: bff3f233ed55af5ee45b945856f96eab57e76e2481dd1e652bb755004b54dc1411c387c5b055056c92d51464c2abac9e6770221d520886df97610b8ff7d365b2
SSDEEP: 49152:mXGgg7/0/FoAG6BKls7W9onqaRf/Hcfs826P5:GOioAt7W9onnRXHcfZ2q
Behavioral task: behavioral1
Sample: lab_samples/1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: lab_samples/1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
darkcomet
Guest16
test213.no-ip.info:1604
DC_MUTEX-KHNEW06
InstallPath: MSDCSC\runddl32.exe
gencode: F6FE8i2BxCpu
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: lab_samples/1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b.exe
Size: 766KB
MD5: 405dba47e2b03f53db2101444e6a925c
SHA1: ed769ff77f46730a9b58a111c52f9e498ec00838
SHA256: 1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b
SHA512: 3628944242f0b9d80204dfddcea4189ee7f703ba4498c6a818c83d570d97477ec1273270fef65e993cb0f6bed2d0c915cd3d68a5b35375e257a3879f4859c869
SSDEEP: 12288:Qq9hmQkwvH0pmjqM31df4NIAOCIWL92Tnhz0ehT2LPXvLtJ:TpkwMpm+i1dfcjIw921z0GT2Dvb
Score: 7/10
Adds Run key to start application
Suspicious use of SetThreadContext