General
Target: 14929a757a1299c47ab1395a63d4c8ee
Size: 775KB
Sample: 201214-pf95v7xza2
MD5: 14929a757a1299c47ab1395a63d4c8ee
SHA1: fcc28114965b83bee2919e450b7731feebbbdd09
SHA256: 65d1b87c16eb44d2d057df7492af8ee0f0f070e59f6678d9cb04a40b33df0d0f
SHA512: 856470354ab7956c5709589c3a77674ca8e265b5ae29748d5d4d2e52c8986b9f6d4f8166f4a9ecc47b9c9cfdc16d7d699d4cd03c7f6ef596f2e58a36348e01ec
Static task: static1
Behavioral task: behavioral1
  Sample: 14929a757a1299c47ab1395a63d4c8ee.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 14929a757a1299c47ab1395a63d4c8ee.exe
  Resource: win10v20201028
Malware Config
Extracted
darkcomet
dcv123.no-ip.biz:1604
DC_MUTEX-45YS4L8
InstallPath: MSDCSC\msdcsc.exe
gencode: jvfglC4ADoBp
install: true
offline_keylogger: true
persistence: true
reg_key: msdcsc
Targets
Target: 14929a757a1299c47ab1395a63d4c8ee
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application