General

Target: 78b1751491463b0d579eda079654d1dfb9296b98e2867b4fdc765256e5962398
Size: 1.5MB
Sample: 200629-jjdlydfl4j
MD5: edb8b19beede18b21ec7ebc847271fd1
SHA1: 8ec1c660059fc6a0571782fe17ed30787055b278
SHA256: 78b1751491463b0d579eda079654d1dfb9296b98e2867b4fdc765256e5962398
SHA512: 88197dc5f5480378481f0fc8165c051dc87148176fcae89a9367eaf004506d82755596f89c0d6fecbea5005301514caf507c1145edd9b657192258d10804e5c3
Static task: static1

Behavioral task: behavioral1
  Sample: 78b1751491463b0d579eda079654d1dfb9296b98e2867b4fdc765256e5962398.exe
  Resource: win7v200430

Behavioral task: behavioral2
  Sample: 78b1751491463b0d579eda079654d1dfb9296b98e2867b4fdc765256e5962398.exe
  Resource: win10
Malware Config

Extracted: darkcomet
Sazan
C2: ya123131.duckdns.org:1604
Mutex: DC_MUTEX-LYRTGU5
InstallPath: MSDCSC\msdcsc.exe
gencode: m1B9veJm8Qlx
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: 78b1751491463b0d579eda079654d1dfb9296b98e2867b4fdc765256e5962398
Size: 1.5MB
MD5: edb8b19beede18b21ec7ebc847271fd1
SHA1: 8ec1c660059fc6a0571782fe17ed30787055b278
SHA256: 78b1751491463b0d579eda079654d1dfb9296b98e2867b4fdc765256e5962398
SHA512: 88197dc5f5480378481f0fc8165c051dc87148176fcae89a9367eaf004506d82755596f89c0d6fecbea5005301514caf507c1145edd9b657192258d10804e5c3
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext