General
-
Target
f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29
-
Size
421KB
-
Sample
200629-dbfk7jf6y6
-
MD5
d01ebe2d4344efa13475e7d318dc72e0
-
SHA1
317411d3f7037875abf3c999654c7f485b25d826
-
SHA256
f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29
-
SHA512
a74aded748a5f32ff7ff84579a781aea7c8a115925416ed0a2ce840e807ca8ed915e0e6a64d480597e73a4b32a4ac4b178ad6c600a6d4b4866100f9b06fb8c42
Static task
static1
Behavioral task
behavioral1
Sample
f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29.exe
Resource
win7v200430
Malware Config
Extracted
darkcomet
Guest16
85.243.174.90:2020
192.168.1.67:2020
pedroduartef99.no-ip.org:2020
DC_MUTEX-EAVT3D7
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
zFqKpfw5Q1gT
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29
-
Size
421KB
-
MD5
d01ebe2d4344efa13475e7d318dc72e0
-
SHA1
317411d3f7037875abf3c999654c7f485b25d826
-
SHA256
f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29
-
SHA512
a74aded748a5f32ff7ff84579a781aea7c8a115925416ed0a2ce840e807ca8ed915e0e6a64d480597e73a4b32a4ac4b178ad6c600a6d4b4866100f9b06fb8c42
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-