General
Target: fca179fad8f5926381442196918d56565af187fb4f53cc99c0dd2070831a8f1e
Size: 1.8MB
Sample: 201113-g39zdx31se
MD5: 9aa948ba3a29d8b3020bc24947949fcf
SHA1: e8719b8824987e3813a715bcb5a54557baa32157
SHA256: fca179fad8f5926381442196918d56565af187fb4f53cc99c0dd2070831a8f1e
SHA512: 8dccb7c2025efe211aacbe1eb9c78b65cb0330f1a5f16a95d8492652317662f3b23691c9a22018f1e7c7043acc71406192b073344601f5633353650fd09a476e
Static task: static1
Behavioral task: behavioral1
Sample: fca179fad8f5926381442196918d56565af187fb4f53cc99c0dd2070831a8f1e.exe
Resource: win7v20201028
Malware Config
Extracted
darkcomet
vbsted
forshared.ddns.net:6722
DC_MUTEX-6UPV0L8
InstallPath: MSDCSC\msdcsc.exe
gencode: kWdnrSvNCdV5
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext