General
- Target: 0004 Spec Orede Req.pdf.exe
- Size: 1.8MB
- Sample: 191209-bdedd588ca
- MD5: d7ee787127e8a5727dd90434f6941a2d
- SHA1: aec8070aeba0d4177476494336d6cccb752d83e6
- SHA256: d31b4b000ea53806260be91ca05b91bfcb04c56bd68ed457109e5cab14914587
- SHA512: 57936249eea46d8af818e01e21017e3563223b1fb8c63cc5d4af95e1a5a3be6e446de01f3bf149d0a512585d6cf24dbb2557a4df382a46d0a0dc66ef06d9e5cf
Tasks
- task1: sample 0004 Spec Orede Req.pdf.exe, resource win7v191014
- task2: sample 0004 Spec Orede Req.pdf.exe, resource win10v191014
- Static task: static1
Malware Config
Extracted: darkcomet
- 3-OCTOBER 2019
- timmy77.ddns.net:13251
- DC_MUTEX-AZAG0NH
- InstallPath: MSDCSC\msdcsc.exe
- gencode: EsnagdjpAd20
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 0004 Spec Orede Req.pdf.exe
- Size: 1.8MB
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext