General
-
Target
544529431b4a0b9511e81a8e2e253eb873806401a8e97920c13f3d3c703041b2
-
Size
1.8MB
-
Sample
201112-h7mb95727x
-
MD5
e782814693445d42a8e70e04a95a4b9c
-
SHA1
4c19ee53594a2a2b4f714ac7e02a6801c9f37ec6
-
SHA256
544529431b4a0b9511e81a8e2e253eb873806401a8e97920c13f3d3c703041b2
-
SHA512
b8833904e624271dcd79a1b87a4255436be76b5183b59677074d177bf96ba8dd63bdc45f0d713ca1032c66f898a03a24a598e818626d991abd30d5dffe6ea331
Static task
static1
Behavioral task
behavioral1
Sample
544529431b4a0b9511e81a8e2e253eb873806401a8e97920c13f3d3c703041b2.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
vbsted
forshared.ddns.net:6722
DC_MUTEX-6UPV0L8
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
kWdnrSvNCdV5
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-