General
-
Target
72263cf2067ce1601a07f821b1b84755
-
Size
1.8MB
-
Sample
201117-bnqaevy14e
-
MD5
739ca775c833ba8c469ee2a53e1db2b5
-
SHA1
60fcb08996081e8ea4c7fee17a2861ee56c62a5d
-
SHA256
52d5e596c1da82e5895bcd485a98989ff1b81ab3ee5baa13a41ff1c2808493eb
-
SHA512
4e36ed5e3359c21648290843d4607e64b2229399c1919438d2301c17b3cac010062dee23037cc9fd8d7311764ee832659c71c6f6b2612a3922d331de22941fb2
Static task
static1
Behavioral task
behavioral1
Sample
72263cf2067ce1601a07f821b1b84755.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
vbsted
forshared.ddns.net:6722
DC_MUTEX-6UPV0L8
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
kWdnrSvNCdV5
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
72263cf2067ce1601a07f821b1b84755
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-