General
Target: 8a72a55d126b69bda2f37fd88050aeed02d97733f6777759b542db8a442435bc
Size: 1.4MB
Sample: 200624-vp3ewa7kpx
MD5: a537053d61af5278eea232eeb3ccc02f
SHA1: d5159b8e11babcf46a844521d2a651b79c4ba8f1
SHA256: 8a72a55d126b69bda2f37fd88050aeed02d97733f6777759b542db8a442435bc
SHA512: a073993c43ebf94638e64e248a06ff02fbae9d2bcea5343a2a9ce3f91280c322dd171abeabd5d72f8972259a60f4c8fbfbe0a061e82c375227696c4db7ff98da
Static task: static1
Behavioral task: behavioral1
  Sample: 8a72a55d126b69bda2f37fd88050aeed02d97733f6777759b542db8a442435bc.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: 8a72a55d126b69bda2f37fd88050aeed02d97733f6777759b542db8a442435bc.exe
  Resource: win10v200430
Malware Config
Extracted: darkcomet
Trade
gringomonster.no-ip.org:81
gringomonster.no-ip.org:82
gringomonster.no-ip.org:2000
gringomonster.no-ip.org:3000
gringomonster.no-ip.org:4000
gringomonster.no-ip.org:5000
DC_MUTEX-5RK5HC8
InstallPath: MSDCSC\msdcsc.exe
gencode: R47hPfLks2Sb
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 8a72a55d126b69bda2f37fd88050aeed02d97733f6777759b542db8a442435bc
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext
autoit_exe: AutoIT scripts compiled to PE executables.