General
Target: 273fc22bc707da117959cd5088c60c3052962fe183a51a2b8a6c66820723cbfd
Size: 1.8MB
Sample: 201115-ne8d3n4rh6
MD5: 9dac373d8e40e65460db0238cb110473
SHA1: 240d9a67dbb28122beb4569a3fe04788459d5628
SHA256: 273fc22bc707da117959cd5088c60c3052962fe183a51a2b8a6c66820723cbfd
SHA512: 47f593b674ef732eabe676f569c51764ea73f60778cb033bd0cf92830e44d51bb6e08f319c9de04ad65abb39d807bc3fda5d93313db6424c9393ce64dd9f4a96
Static task: static1
Behavioral task: behavioral1
Sample: 273fc22bc707da117959cd5088c60c3052962fe183a51a2b8a6c66820723cbfd.exe
Resource: win7v20201028
Malware Config
Extracted
darkcomet
vbsted
forshared.ddns.net:6722
DC_MUTEX-6UPV0L8
InstallPath: MSDCSC\msdcsc.exe
gencode: kWdnrSvNCdV5
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext