General
-
Target
2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588
-
Size
856KB
-
Sample
200624-yee94zpw6a
-
MD5
0241203fc5f46bb391c718d99aeb74fa
-
SHA1
56d18760a6bb948c7887f40e3f3a1b8395b54672
-
SHA256
2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588
-
SHA512
bad9e676fc6c51c9d54e53f8e4966994b05451f39c5f2091a0c442e4c4ec78e05ffc8b9f3e3319b5df2d3706a75c2c0b2200875569e56e69f45c8c4e10a836b5
Behavioral task
behavioral1
Sample
2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588.exe
Resource
win10
Malware Config
Extracted
darkcomet
PORT
toxicwithahmet.duckdns.org:1604
DC_MUTEX-7R6RAYW
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
CNR8TCZiNUeR
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588
Score
10/10
-
Modifies WinLogon for persistence
-
Adds Run key to start application
-