General
- Target: 643360deb1ae0864baad3e8c8edea7ee5693720fe9fad84b4ddac29cb5f63891.exe
- Size: 758KB
- Sample: 201109-tv6sa1cgkn
- MD5: 363b1f1af6f481e6498a1195272abe79
- SHA1: 9712b3c3df12c673623fd392adb97b239986fed4
- SHA256: dcee7332f062683247eeb635ffea3a09c742e19bb0ea0f717b43bc1663195fd7
- SHA512: e4f1490741fbe4ccd51f22e45e9c76a889492f47c45085cac9f38b7b7589d4733c3db01e1a2033a56640141f4d00660fe9a58589348a39613d58db279616d758
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 643360deb1ae0864baad3e8c8edea7ee5693720fe9fad84b4ddac29cb5f63891.exe
  - Resource: win7v20201028
Behavioral task
- behavioral2
  - Sample: 643360deb1ae0864baad3e8c8edea7ee5693720fe9fad84b4ddac29cb5f63891.exe
  - Resource: win10v20201028
Malware Config
Extracted: darkcomet
- Botnet: Guest16
- C2: 37.53.94.245:1604
- Mutex: DC_MUTEX-CA3JPES
- InstallPath: MSDCSC\msdcsa.exe
- gencode: NTfqNtVkHorv
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 643360deb1ae0864baad3e8c8edea7ee5693720fe9fad84b4ddac29cb5f63891.exe (758KB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
- Score: 10/10
- Signatures:
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext