General
Target: bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32
Size: 759KB
Sample: 210223-3e62r4vqjj
MD5: 0033390156302419d1c2443fb91b3b7d
SHA1: d1f62d7c700090f9d19a534109e783d13fd4ff48
SHA256: bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32
SHA512: 17b88128a27d2ac444b71c31019eeda32dadd7ff14806e5210f33220eede8921c3fb2a1115fde157e33e1f87794420b6f720d347418d99cbeeeb30df6bec4b0d
Behavioral task
behavioral1
Sample: bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32.exe
Resource: win7v20201028
Malware Config
Extracted
darkcomet
killme
exte.duckdns.org:1604
DC_MUTEX-1B8PLBC
InstallPath: MSDCSC\msdcsc.exe
gencode: Vb8gzzR5D30d
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application