General
Target: eb37bfd04a799f257163030196f110fb6c12eea4e797bcd3e14c12b6ac789666
Size: 1.8MB
Sample: 201111-7hjjdeb5x6
MD5: 72263cf2067ce1601a07f821b1b84755
SHA1: 05814d589db2d6c9b64e025de8183c2d705c9c38
SHA256: eb37bfd04a799f257163030196f110fb6c12eea4e797bcd3e14c12b6ac789666
SHA512: 4e7dfbe8d189cd4ba8f338141dd6a10488233d3ce8d25ba3a760c62a222ef2a3f99172fb21837230b7fab8fba1168cef08f90aca62f0ad764992f41f9e7df9f8
Static task: static1
Behavioral task: behavioral1
Sample: eb37bfd04a799f257163030196f110fb6c12eea4e797bcd3e14c12b6ac789666.exe
Resource: win7v20201028
Malware Config
Extracted
darkcomet
vbsted
forshared.ddns.net:6722
DC_MUTEX-6UPV0L8
InstallPath: MSDCSC\msdcsc.exe
gencode: kWdnrSvNCdV5
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: eb37bfd04a799f257163030196f110fb6c12eea4e797bcd3e14c12b6ac789666
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext