General
Target: 7d50e7733ae44d92ee7039760eeaf50e88b540369de86441b829635e0edc583e
Size: 1.8MB
Sample: 201108-89cjvgt1v6
MD5: f183f2ab7e5d0ca6934664b4f0aa7ee9
SHA1: 34ee0819365d8e4313bea00d100ae99d39b11bc0
SHA256: 7d50e7733ae44d92ee7039760eeaf50e88b540369de86441b829635e0edc583e
SHA512: f5770ad4ad1c4fddbb158c952f8aecaf92997ada35b01c120e77fcc8e573c2fdd5446fabe2c0946a58c45d896e11e800dc7ddf9d30f4eb758e6a8401bdd50cc8
Static task: static1
Behavioral task: behavioral1
Sample: 7d50e7733ae44d92ee7039760eeaf50e88b540369de86441b829635e0edc583e.exe
Resource: win7v20201028
Malware Config
Extracted
darkcomet
vbsted
forshared.ddns.net:6722
DC_MUTEX-6UPV0L8
InstallPath: MSDCSC\msdcsc.exe
gencode: kWdnrSvNCdV5
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext