General
-
Target
ec06c4752f4ae2a0beae7f59c5ae891617891237bc3737aac96e7d20a8ebf65e
-
Size
1.8MB
-
Sample
201109-3cl9r52jd2
-
MD5
a56044b0c60de9b761a2c3b2707972f0
-
SHA1
1e33c1f77a16d7c1448b0134b8f0524b82cc872a
-
SHA256
ec06c4752f4ae2a0beae7f59c5ae891617891237bc3737aac96e7d20a8ebf65e
-
SHA512
21921479eb76d14c46482159a18c8ff735d115f1ad55ff5c9db92a0c1577839bec576933d5bbd673264706207576d8e93da1470d55e8945acead1e847ade9bb4
Static task
static1
Behavioral task
behavioral1
Sample
ec06c4752f4ae2a0beae7f59c5ae891617891237bc3737aac96e7d20a8ebf65e.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
vbsted
forshared.ddns.net:6722
DC_MUTEX-6UPV0L8
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
kWdnrSvNCdV5
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext