General

Target: 6a90e5d6b3a93cf1d6b87a99c6fc23a0c3b798478238a1dc20838c4a25b5cd2e
Size: 1.5MB
Sample: 200706-19w34j5ewj
MD5: 3588c7e12a3dcf3fdd74ca1828873a05
SHA1: 1cae954471e543fdf22e2f332635a92e652c7992
SHA256: 6a90e5d6b3a93cf1d6b87a99c6fc23a0c3b798478238a1dc20838c4a25b5cd2e
SHA512: 6c1b3e3621a3018a87e61259895fe2fe34feef6e6c8836cb32caac7a8d6ceaf4a001dbf014ec226f9ea8c3d5b92f2f97fb78e7189fbf9fc5a0d28fbc716999b4
Static task: static1

Behavioral task: behavioral1
  Sample: 6a90e5d6b3a93cf1d6b87a99c6fc23a0c3b798478238a1dc20838c4a25b5cd2e.exe
  Resource: win7

Behavioral task: behavioral2
  Sample: 6a90e5d6b3a93cf1d6b87a99c6fc23a0c3b798478238a1dc20838c4a25b5cd2e.exe
  Resource: win10
Malware Config

Extracted: darkcomet
Campaign ID: Sazan
C2: 192.168.0.10:1604
Mutex: DC_MUTEX-W4T2SBC
InstallPath: MSDCSC\msdcsc.exe
gencode: nlveCPNhWUHe
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
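The fields above come straight out of the sample's embedded configuration block. DarkComet keeps that block as plain `KEY={value}` text lines, RC4-encrypted, in the executable's resource section, and public decoders key the RC4 stream by builder version. The script below is an added example (not from the original report and not DarkComet's own code) that decrypts such a block, maps the raw keys onto the labels used in this report, and flags the one caveat a practitioner should notice here: 192.168.0.10 is an RFC 1918 address, so this build can only reach its C2 on a local network and the mutex, Run-key name and install path are the IOCs worth carrying. The RC4 key and the ciphertext are constructed for the example; the key is a hypothetical stand-in for the real version-specific key, and the plaintext is the report's own values wrapped in DarkComet's line layout.

```python
"""Decode and normalise a DarkComet configuration block (added example)."""
import ipaddress
import re

# Raw config keys as they appear in a DarkComet block, mapped to the
# labels this report uses for them.
FIELD_MAP = {
    "SID": "campaign",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "EDTPATH": "InstallPath",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERSINST": "persistence",
    "KEYNAME": "reg_key",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}
_LINE_RE = re.compile(r"^(\w+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: one call both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_config(text: str) -> dict:
    """Turn decrypted KEY={value} lines into the report's field names."""
    cfg = {}
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue  # header/footer lines and blanks carry no settings
        key, val = m.groups()
        name = FIELD_MAP.get(key)
        if name is None:
            continue  # keys this example does not report on
        cfg[name] = (val == "1") if name in BOOL_FIELDS else val
    return cfg


def decode_config(blob: bytes, key: bytes) -> dict:
    """RC4-decrypt a config blob and parse it; a wrong key yields no marker string."""
    plain = rc4(key, blob).decode("latin-1")
    if "DARKCOMET DATA" not in plain:
        raise ValueError("wrong RC4 key or not a DarkComet config block")
    return parse_config(plain)


def c2_is_private(c2: str) -> bool:
    """True when the C2 host is a private/loopback IP, i.e. unreachable from the Internet."""
    host = c2.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname, not an IP literal


# Constructed sample: the report's values in DarkComet's line layout.
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-W4T2SBC}\r\n"
    "SID={Sazan}\r\n"
    "NETDATA={192.168.0.10:1604}\r\n"
    "GENCODE={nlveCPNhWUHe}\r\n"
    "INSTALL={1}\r\n"
    "EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    "KEYNAME={MicroUpdate}\r\n"
    "PERSINST={1}\r\n"
    "OFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
DEMO_KEY = b"#HYPOTHETICAL-KEY#"  # stand-in, not a real DarkComet version key
SAMPLE_BLOB = rc4(DEMO_KEY, SAMPLE_PLAINTEXT.encode("latin-1"))  # constructed ciphertext


if __name__ == "__main__":
    cfg = decode_config(SAMPLE_BLOB, DEMO_KEY)
    for name, value in cfg.items():
        print(f"{name:18} {value}")
    if c2_is_private(cfg["c2"]):
        print("note: C2 is a private address; use mutex, reg_key and InstallPath as host IOCs")
```

Against a real sample, replace `SAMPLE_BLOB` with the raw resource bytes and `DEMO_KEY` with the key for the builder version; the marker check in `decode_config` is what tells you whether the key was right.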
Targets

Target: 6a90e5d6b3a93cf1d6b87a99c6fc23a0c3b798478238a1dc20838c4a25b5cd2e
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext