General
-
Target
c96b43f2f82c887e9d0f4ed04f4ab271058a5782956ff6f9ea5490c1552d29d8
-
Size
1.8MB
-
Sample
201106-2l8y5pjgkx
-
MD5
ce57e410fccfa5cef7fc8a54596639b1
-
SHA1
86470e960e1615885e2587ac72681d5f304a69bd
-
SHA256
c96b43f2f82c887e9d0f4ed04f4ab271058a5782956ff6f9ea5490c1552d29d8
-
SHA512
ef0d3882fa30eaa1d3327ab3aab94feee8d62f98d7d62f92097a359bc107e150c183772bcbe4c441b6aed249066d0ce3f011d9a823c44c6293bd2e145c40b4e4
Static task
static1
Behavioral task
behavioral1
Sample
c96b43f2f82c887e9d0f4ed04f4ab271058a5782956ff6f9ea5490c1552d29d8.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
vbsted
forshared.ddns.net:6722
DC_MUTEX-6UPV0L8
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
kWdnrSvNCdV5
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
Target
c96b43f2f82c887e9d0f4ed04f4ab271058a5782956ff6f9ea5490c1552d29d8
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext